SSRF attack in Trend Micro OfficeScan
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | N/A |
| CWE-ID | CWE-918 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
OfficeScan Client/Desktop applications / Antivirus software/Personal firewalls |
| Vendor | Trend Micro |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Server-side request forgery
EUVDB-ID: #VU9345
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-918 - Server-Side Request Forgery (SSRF)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform SSRF attack.
The vulnerability exists due to improper input validation of data passed via the "url" HTTP GET parameter to "/officescan/console/html/Widget/help_proxy.php" script. A remote attacker can create a specially crafted link, trick the victim into opening it and perform SSRF attack.
Successful exploitation of the vulnerability may allow an attacker to perform arbitrary HTTP requests to external and internal servers.
Exploitation example:
https://[host]:4343/officescan/console/html/Widget/help_proxy.php?url=http://<REQUESTED-IP>:8080Mitigation
Install update form vendor's website:
OfficeScan XG update
OfficeScan: 11.0 - XG
External linkshttp://hyp3rlinx.altervista.org/advisories/TRENDMICRO-OFFICESCAN-XG-SERVER-SIDE-REQUEST-FORGERY.txt
http://seclists.org/bugtraq/2017/Oct/9
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
