Security restrictions bypass in Threat Discovery Appliance - CVE-2016-7552
Published: August 22, 2017 / Updated: September 14, 2018
Vulnerability identifier: #VU7991
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:A/U:Green
CVE-ID: CVE-2016-7552
CWE-ID: CWE-22
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vendor: Trend Micro
Affected software:
Threat Discovery Appliance
Threat Discovery Appliance
Detailed vulnerability description
The vulnerability allows a remote attacker to conduct a directory traversal attack on the target system.
The weakness exists in the logoff.cgi script due to improper processing of a session_id cookie. A remote attacker can send specially crafted data, delete arbitrary files in the logoff.cgi script, reset the administrator password to 'admin' if the system is rebooted and bypass authentication restrictions or cause DoS condition.
Successful exploitation of the vulnerability may result in system crash.
The weakness exists in the logoff.cgi script due to improper processing of a session_id cookie. A remote attacker can send specially crafted data, delete arbitrary files in the logoff.cgi script, reset the administrator password to 'admin' if the system is rebooted and bypass authentication restrictions or cause DoS condition.
Successful exploitation of the vulnerability may result in system crash.
How to mitigate CVE-2016-7552
Install update from vendor's website.