#VU47107 Command Injection in ServerProtect
Vulnerability identifier: #VU47107
Vulnerability risk: Low
CVSSv3.1: 7.1 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-77
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
ServerProtect
Server applications /
Other server solutions
Vendor: Trend Micro
Description
The vulnerability allows a local user to escalate privileges on the system.
A command injection vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow an attacker to execute arbitrary code on an affected system. A local privileged user can inject and execute code on the system with elevated privileges.
Mitigation
Install update from vendor's website.
Vulnerable software versions
ServerProtect: 3.0
External links
http://success.trendmicro.com/solution/000268419
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
