PT-2020-5819 · Trend Micro · Trend Micro Interscan Web Security Virtual Appliance

Published: 2020-11-18 · Updated: 2020-12-09 · CVE-2020-28578

CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Trend Micro InterScan Web Security Virtual Appliance version 6.5 SP2
Description: A vulnerability in Trend Micro InterScan Web Security Virtual Appliance could allow an unauthenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges. The root cause is a memory buffer overflow, which a remote attacker can exploit to execute arbitrary code.
Recommendations: For Trend Micro InterScan Web Security Virtual Appliance version 6.5 SP2, consider restricting network access to the appliance until a patch is available. As a temporary workaround, disabling the HTTP service, or restricting which sources can reach it and therefore send specially crafted HTTP messages, may help reduce the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Tags: Exploit · RCE · Memory Corruption


Weakness Enumeration

Related Identifiers:
BDU:2021-01788
CVE-2020-28578

Affected Products:
Trend Micro Interscan Web Security Virtual Appliance