PT-2017-11969 · Trend Micro · Trend Micro Control Manager

Rgod

Publicado

2017-08-02

Atualizado

2017-08-08

CVE-2017-11383

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Trend Micro Control Manager version 6.0

Description The issue is related to a SQL injection that causes remote code execution due to inadequate user input validation in the cmdHandlerTVCSCommander.dll module. This occurs when executing a specific opcode, 0x1b07.

Recommendations For Trend Micro Control Manager version 6.0, update the software to a version that includes proper user input validation to prevent SQL injection attacks. As a temporary workaround, consider restricting access to the cmdHandlerTVCSCommander.dll module to minimize the risk of exploitation.

Correção

RCE

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2017-11383

ZDI-17-493

Produtos afetados

Trend Micro Control Manager

PT-2017-11969 · Trend Micro · Trend Micro Control Manager

CVE-2017-11383

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7