PT-2017-17006 · Trend Micro · Trend Micro Interscan Web Security Virtual Appliance

Published 2017-04-05 · Updated 2019-10-03 · CVE-2017-6339

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Trend Micro InterScan Web Security Virtual Appliance (IWSVA) versions 6.5 before CP 1746

Description: The issue concerns the mismanagement of key and certificate data. By default, IWSVA acts as a private Certificate Authority (CA) and generates digital certificates for secure HTTPS connections; it also allows administrators to upload their own certificates. An attacker with low privileges can download the current CA certificate and private key, which can then be used to decrypt HTTPS traffic and compromise its confidentiality. The default private key is encrypted with a weak passphrase, which makes the key easier to decrypt if the default certificate and key are in use.

Recommendations: For Trend Micro InterScan Web Security Virtual Appliance (IWSVA) versions 6.5 before CP 1746, update to a version that includes CP 1746 or later, which addresses the key and certificate data mismanagement. As a temporary workaround, change the default private key passphrase to a stronger one and restrict access to the CA certificate and private key to minimize the risk of exploitation.

Weakness Enumeration: Improper Privilege Management