CVE-2018-6222

moderate-risk
Published 2018-03-15

Arbitrary logs location in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to change location of log files and be manipulated to execute arbitrary commands and attain command execution on a vulnerable system.

Do I need to act?

-
0.40% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
44166
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10 High
LOCAL / LOW complexity

Affected Products (1)

Affected Vendors

Trendmicro

References (6)

Patch https://success.trendmicro.com/solution/1119349
Exploit https://www.coresecurity.com/advisories/trend-micro-email-encryption-gateway-mul...
Exploit https://www.exploit-db.com/exploits/44166/
Patch https://success.trendmicro.com/solution/1119349
Exploit https://www.coresecurity.com/advisories/trend-micro-email-encryption-gateway-mul...
Exploit https://www.exploit-db.com/exploits/44166/
38
/ 100
moderate-risk
Severity 24/34 · High
Exploitability 9/34 · Low
Exposure 5/34 · Minimal