Details of VAR-201708-0984

ID

VAR-201708-0984

CVE

CVE-2017-11392

TITLE

Trend Micro InterScan Messaging Security Virtual Appliance Command injection vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2017-006620 // CNNVD: CNNVD-201707-674

DESCRIPTION

Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the "T" parameter within modTMCSS Proxy. Formerly ZDI-CAN-4745. Zero Day Initiative Is vulnerable to this vulnerability ZDI-CAN-4745 Was numbered.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the modTMCSS Proxy functionality. An attacker can leverage this vulnerability to execute arbitrary code under the context of the imss user. that integrates anti-virus, anti-spyware and anti-phishing technologies to provide comprehensive protection for email applications. The issue presents itself when the 'VirusEvent' directive in the 'clamav.conf' configuration file has been enabled and the 'Dazuko' module is used with the antivirus software. Although unconfirmed, all versions of the application are assumed to vulnerable at the moment. This information will be updated as more details become available. Failed exploit attempts will result in a denial-of-service condition

Trust: 3.33

sources: NVD: CVE-2017-11392 // JVNDB: JVNDB-2017-006620 // ZDI: ZDI-17-504 // CNVD: CNVD-2017-21035 // BID: 10007 // BID: 100075

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-21035

AFFECTED PRODUCTS

vendor:	trend micro	model:	interscan messaging security virtual appliance	scope:	eq	version:	9.1	Trust: 1.7
vendor:	trend micro	model:	interscan messaging security virtual appliance	scope:	eq	version:	9.0	Trust: 1.7
vendor:	trendmicro	model:	interscan messaging security virtual appliance	scope:	eq	version:	9.0	Trust: 1.6
vendor:	trendmicro	model:	interscan messaging security virtual appliance	scope:	eq	version:	9.1	Trust: 1.6
vendor:	trend micro	model:	interscan messaging security	scope:	-	version:	-	Trust: 0.7
vendor:	clam	model:	anti-virus clamav	scope:	eq	version:	0.68-1	Trust: 0.3
vendor:	clam	model:	anti-virus clamav	scope:	eq	version:	0.68	Trust: 0.3
vendor:	clam	model:	anti-virus clamav	scope:	eq	version:	0.67	Trust: 0.3
vendor:	clam	model:	anti-virus clamav	scope:	eq	version:	0.65	Trust: 0.3
vendor:	clam	model:	anti-virus clamav	scope:	eq	version:	0.60	Trust: 0.3
vendor:	clam	model:	anti-virus clamav	scope:	eq	version:	0.54	Trust: 0.3
vendor:	clam	model:	anti-virus clamav	scope:	eq	version:	0.53	Trust: 0.3
vendor:	clam	model:	anti-virus clamav	scope:	eq	version:	0.52	Trust: 0.3
vendor:	clam	model:	anti-virus clamav	scope:	eq	version:	0.51	Trust: 0.3
vendor:	clam	model:	anti-virus clamav	scope:	ne	version:	0.70	Trust: 0.3

sources: ZDI: ZDI-17-504 // CNVD: CNVD-2017-21035 // BID: 10007 // BID: 100075 // JVNDB: JVNDB-2017-006620 // CNNVD: CNNVD-201707-674 // NVD: CVE-2017-11392

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-11392
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-11392
value:	HIGH
Trust: 0.8
ZDI:	CVE-2017-11392
value:	MEDIUM
Trust: 0.7
CNVD:	CNVD-2017-21035
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201707-674
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2017-11392
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 2.5
CNVD:	CNVD-2017-21035
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2017-11392
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: ZDI: ZDI-17-504 // CNVD: CNVD-2017-21035 // JVNDB: JVNDB-2017-006620 // CNNVD: CNNVD-201707-674 // NVD: CVE-2017-11392

PROBLEMTYPE DATA

problemtype:

CWE-77

Trust: 1.8

sources: JVNDB: JVNDB-2017-006620 // NVD: CVE-2017-11392

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201707-674

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-201707-674

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-006620

PATCH

title:	Solution ID: 1117723	url:	https://success.trendmicro.com/solution/1117723	Trust: 1.5
title:	TrendMicroInterScanMessagingSecurityVirtualAppliance Command Injection Vulnerability (CNVD-2017-21035)	url:	https://www.cnvd.org.cn/patchInfo/show/100115	Trust: 0.6

sources: ZDI: ZDI-17-504 // CNVD: CNVD-2017-21035 // JVNDB: JVNDB-2017-006620

EXTERNAL IDS

db:	NVD	id:	CVE-2017-11392	Trust: 4.0
db:	ZDI	id:	ZDI-17-504	Trust: 3.2
db:	BID	id:	100075	Trust: 1.3
db:	BID	id:	10007	Trust: 0.9
db:	JVN	id:	JVNVU98736894	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-006620	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-4745	Trust: 0.7
db:	CNVD	id:	CNVD-2017-21035	Trust: 0.6
db:	CNNVD	id:	CNNVD-201707-674	Trust: 0.6
db:	ZDI	id:	ZDI-17-502	Trust: 0.3

sources: ZDI: ZDI-17-504 // CNVD: CNVD-2017-21035 // BID: 10007 // BID: 100075 // JVNDB: JVNDB-2017-006620 // CNNVD: CNNVD-201707-674 // NVD: CVE-2017-11392

REFERENCES

url:	https://success.trendmicro.com/solution/1117723	Trust: 2.6
url:	http://www.zerodayinitiative.com/advisories/zdi-17-504	Trust: 2.2
url:	http://www.securityfocus.com/bid/100075	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-11392	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu98736894/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-11392	Trust: 0.8
url:	http://www.clamav.net/	Trust: 0.3
url:	/archive/1/359017	Trust: 0.3
url:	http://www.trend.com	Trust: 0.3
url:	http://www.zerodayinitiative.com/advisories/zdi-17-502/	Trust: 0.3
url:	http://www.zerodayinitiative.com/advisories/zdi-17-504/	Trust: 0.3

sources: ZDI: ZDI-17-504 // CNVD: CNVD-2017-21035 // BID: 10007 // BID: 100075 // JVNDB: JVNDB-2017-006620 // CNNVD: CNNVD-201707-674 // NVD: CVE-2017-11392

CREDITS

Steven Seeley (mr_me) of Offensive Security

Trust: 0.7

sources: ZDI: ZDI-17-504

SOURCES

db:	ZDI	id:	ZDI-17-504
db:	CNVD	id:	CNVD-2017-21035
db:	BID	id:	10007
db:	BID	id:	100075
db:	JVNDB	id:	JVNDB-2017-006620
db:	CNNVD	id:	CNNVD-201707-674
db:	NVD	id:	CVE-2017-11392

LAST UPDATE DATE

2024-08-14T13:30:03.275000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-17-504	date:	2017-07-31T00:00:00
db:	CNVD	id:	CNVD-2017-21035	date:	2017-08-15T00:00:00
db:	BID	id:	10007	date:	2004-03-30T00:00:00
db:	BID	id:	100075	date:	2017-07-31T00:00:00
db:	JVNDB	id:	JVNDB-2017-006620	date:	2017-12-27T00:00:00
db:	CNNVD	id:	CNNVD-201707-674	date:	2017-08-04T00:00:00
db:	NVD	id:	CVE-2017-11392	date:	2017-08-05T01:29:02.877

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-17-504	date:	2017-07-31T00:00:00
db:	CNVD	id:	CNVD-2017-21035	date:	2017-08-15T00:00:00
db:	BID	id:	10007	date:	2004-03-30T00:00:00
db:	BID	id:	100075	date:	2017-07-31T00:00:00
db:	JVNDB	id:	JVNDB-2017-006620	date:	2017-08-30T00:00:00
db:	CNNVD	id:	CNNVD-201707-674	date:	2017-07-18T00:00:00
db:	NVD	id:	CVE-2017-11392	date:	2017-08-03T15:29:00.357