Input validation error in InterScan Web Security Virtual Appliance (IWSVA) - CVE-2017-11396

 


Published: September 22, 2017 / Updated: August 21, 2020


Vulnerability identifier: #VU45890
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2017-11396
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Trend Micro
Affected software:
InterScan Web Security Virtual Appliance (IWSVA)

Detailed vulnerability description

The vulnerability allows a remote privileged user to execute arbitrary code.

Flaws in how the web service inspects input parameters in Trend Micro Web Security Virtual Appliance 6.5 may allow attackers who already have administration rights to the console to perform remote code injection.


How to mitigate CVE-2017-11396

Install the update from the vendor's website.
