CVE-2017-6398

Published: Mar 14, 2017Modified: May 13, 2026

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

An issue was discovered in Trend Micro InterScan Messaging Security (Virtual Appliance) 9.1-1600. An authenticated user can execute a terminal command in the context of the web server user (which is root). Besides, the default installation of IMSVA comes with default administrator credentials. The saveCert.imss endpoint takes several user inputs and performs blacklisting. After that, it uses them as arguments to a predefined operating-system command without proper sanitization. However, because of an improper blacklisting rule, it's possible to inject arbitrary commands into it.

Affected (1)

Products: Trendmicro: Interscan Messaging Security Virtual Appliance

1 product

Interscan Messaging Security Virtual Appliance

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Trendmicro Interscan Messaging Security Virtual Appliance	Version 9.1-1600

Related CWEs

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (4)

http://www.securityfocus.com/bid/96859

Source: cve@mitre.org

https://www.rapid7.com/db/modules/exploit/linux/http/trend_micro_imsva_exec

Source: cve@mitre.org

Third Party Advisory

http://www.securityfocus.com/bid/96859

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.rapid7.com/db/modules/exploit/linux/http/trend_micro_imsva_exec

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.