CVE-2020-28578

Published: Nov 18, 2020Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unauthenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges.

Affected (1)

Products: Trendmicro: Interscan Web Security Virtual Appliance

Trendmicro

1 product

Interscan Web Security Virtual Appliance

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Trendmicro Interscan Web Security Virtual Appliance	Version 6.5 sp2

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (4)

https://success.trendmicro.com/solution/000281954

Source: security@trendmicro.com

Vendor Advisory

https://www.tenable.com/security/research/tra-2020-63

Source: security@trendmicro.com

ExploitThird Party Advisory

https://success.trendmicro.com/solution/000281954

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.tenable.com/security/research/tra-2020-63

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.