PT-2017-2557 · Trend Micro · Trend Micro Officescan

Steven Seeley

Publicado

2017-08-03

Atualizado

2017-11-29

CVE-2017-11393

CVSS v3.1

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Trend Micro OfficeScan versions 11 and 12

Description The issue is related to a proxy command injection vulnerability that allows remote attackers to execute arbitrary code on vulnerable installations. This can be exploited by parsing the tr parameter within "Proxy.php". The vulnerability exists due to insufficient input validation, which may allow a remote attacker to execute arbitrary code as a result of processing the tr parameter.

Recommendations For Trend Micro OfficeScan versions 11 and 12, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

BDU:2017-01769

CVE-2017-11393

ZDI-17-522

Produtos afetados

Trend Micro Officescan

PT-2017-2557 · Trend Micro · Trend Micro Officescan

CVE-2017-11393

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7