CVE-2017-9034

Published: May 26, 2017Modified: May 13, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to write to arbitrary files and consequently execute arbitrary code with root privileges by leveraging failure to validate software updates.

Affected (1)

Products: Trendmicro: Serverprotect

Trendmicro

1 product

Serverprotect

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Trendmicro Serverprotect	Version 3.0

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (10)

http://packetstormsecurity.com/files/142645/Trend-Micro-ServerProtect-Disclosure-CSRF-XSS.html

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2017/May/91

Source: cve@mitre.org

ExploitMailing ListThird Party Advisory

http://www.securitytracker.com/id/1038548

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://success.trendmicro.com/solution/1117411

Source: cve@mitre.org

PatchVendor Advisory

https://www.coresecurity.com/advisories/trend-micro-serverprotect-multiple-vulnerabilities

Source: cve@mitre.org

ExploitTechnical DescriptionThird Party Advisory

http://packetstormsecurity.com/files/142645/Trend-Micro-ServerProtect-Disclosure-CSRF-XSS.html