ID

VAR-201703-1090


CVE

CVE-2017-6398


TITLE

Trend Micro InterScan Messaging Security (Virtual Appliance) Terminal command execution vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-002211

DESCRIPTION

An issue was discovered in Trend Micro InterScan Messaging Security (Virtual Appliance) 9.1-1600. An authenticated user can execute a terminal command in the context of the web server user (which is root). In addition, the default installation of IMSVA comes with default administrator credentials. The saveCert.imss endpoint takes several user inputs and performs blacklisting on them. It then uses them as arguments to a predefined operating-system command without proper sanitization. Because of an improper blacklisting rule, it is possible to inject arbitrary commands into that command. An attacker can exploit this issue to execute arbitrary code within the context of the application. Failed exploit attempts will result in a denial-of-service condition.

Trust: 1.89

sources: NVD: CVE-2017-6398 // JVNDB: JVNDB-2017-002211 // BID: 96859

AFFECTED PRODUCTS

vendor: trendmicro, model: interscan messaging security virtual appliance, scope: eq, version: 9.1-1600

Trust: 1.6

vendor: trend micro, model: interscan messaging security virtual appliance, scope: eq, version: 9.1-1600

Trust: 0.8

vendor: trend micro, model: interscan messaging security suite, scope: eq, version: 9.1-1600

Trust: 0.3

sources: BID: 96859 // JVNDB: JVNDB-2017-002211 // CNNVD: CNNVD-201703-592 // NVD: CVE-2017-6398

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2017-6398
value: HIGH

Trust: 1.8

CNNVD: CNNVD-201703-592
value: HIGH

Trust: 0.6

NVD: CVE-2017-6398
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

NVD: CVE-2017-6398
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 1.8

sources: JVNDB: JVNDB-2017-002211 // CNNVD: CNNVD-201703-592 // NVD: CVE-2017-6398

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-77

Trust: 0.8

sources: JVNDB: JVNDB-2017-002211 // NVD: CVE-2017-6398

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201703-592

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-201703-592

CONFIGURATIONS

sources: NVD: CVE-2017-6398

PATCH

title: InterScan Messaging Security Virtual Appliance, url: http://www.trendmicro.co.jp/jp/business/products/imsva/

Trust: 0.8

title: Trend Micro InterScan Messaging Security (Virtual Appliance) Remote Code Execution, url: https://www.rapid7.com/db/modules/exploit/linux/http/trend_micro_imsva_exec

Trust: 0.8

sources: JVNDB: JVNDB-2017-002211

EXTERNAL IDS

db: NVD, id: CVE-2017-6398

Trust: 2.7

db: BID, id: 96859

Trust: 2.7

db: JVNDB, id: JVNDB-2017-002211

Trust: 0.8

db: CNNVD, id: CNNVD-201703-592

Trust: 0.6

sources: BID: 96859 // JVNDB: JVNDB-2017-002211 // CNNVD: CNNVD-201703-592 // NVD: CVE-2017-6398

REFERENCES

url:http://www.securityfocus.com/bid/96859

Trust: 2.4

url:https://www.rapid7.com/db/modules/exploit/linux/http/trend_micro_imsva_exec

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6398

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-6398

Trust: 0.8

url:http/trend_micro_imsva_exec

Trust: 0.6

url:https://www.rapid7.com/db/modules/exploit/linux/

Trust: 0.6

url:http://www.trend.com

Trust: 0.3

url:https://pentest.blog/advisory-trend-micro-interscan-messaging-security-virtual-appliance-remote-code-execution/

Trust: 0.3

sources: BID: 96859 // JVNDB: JVNDB-2017-002211 // CNNVD: CNNVD-201703-592 // NVD: CVE-2017-6398

CREDITS

Pentest Team.

Trust: 0.3

sources: BID: 96859

SOURCES

db: BID, id: 96859
db: JVNDB, id: JVNDB-2017-002211
db: CNNVD, id: CNNVD-201703-592
db: NVD, id: CVE-2017-6398

LAST UPDATE DATE

2022-05-04T09:29:41.479000+00:00


SOURCES UPDATE DATE

db: BID, id: 96859, date: 2017-03-16T00:02:00
db: JVNDB, id: JVNDB-2017-002211, date: 2017-04-03T00:00:00
db: CNNVD, id: CNNVD-201703-592, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2017-6398, date: 2019-10-03T00:03:00

SOURCES RELEASE DATE

db: BID, id: 96859, date: 2017-03-14T00:00:00
db: JVNDB, id: JVNDB-2017-002211, date: 2017-04-03T00:00:00
db: CNNVD, id: CNNVD-201703-592, date: 2017-03-15T00:00:00
db: NVD, id: CVE-2017-6398, date: 2017-03-14T09:59:00