CVE-2017-6398

Name of the Vulnerable Software and Affected Versions Trend Micro InterScan Messaging Security (Virtual Appliance) version 9.1-1600

Description The issue allows an authenticated user to execute a terminal command in the context of the web server user, which is root. The default installation comes with default administrator credentials. The "saveCert.imss" endpoint takes user inputs, performs blacklisting, and uses them as arguments to a predefined operating-system command without proper sanitization. Due to an improper blacklisting rule, it's possible to inject arbitrary commands into it.

Recommendations For Trend Micro InterScan Messaging Security (Virtual Appliance) version 9.1-1600, consider changing the default administrator credentials to prevent unauthorized access. As a temporary workaround, restrict access to the "saveCert.imss" endpoint to minimize the risk of exploitation. Avoid using this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.