Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 HTTP Message AddVLANItem os command injection


A vulnerability was found in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 (Anti-Malware Software). It has been rated as critical. Affected by this issue is the function AddVLANItem of the component HTTP Message Handler. No information about possible countermeasures is known. Replacing the affected product with an alternative may be advisable.

| Field | 11/19/2020 06:57 AM | 12/08/2020 11:48 PM | 12/08/2020 11:53 PM |
|---|---|---|---|
| vendor | Trend Micro | Trend Micro | Trend Micro |
| name | InterScan Web Security Virtual Appliance | InterScan Web Security Virtual Appliance | InterScan Web Security Virtual Appliance |
| version | 6.5 SP2 | 6.5 SP2 | 6.5 SP2 |
| component | HTTP Message Handler | HTTP Message Handler | HTTP Message Handler |
| function | AddVLANItem | AddVLANItem | AddVLANItem |
| cwe | 78 (privilege escalation) | 78 (privilege escalation) | 78 (privilege escalation) |
| risk | 2 | 2 | 2 |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_pr | L | L | L |
| cvss3_vuldb_ui | N | N | N |
| cvss3_vuldb_c | L | L | L |
| cvss3_vuldb_i | L | L | L |
| cvss3_vuldb_a | L | L | L |
| cvss3_vuldb_rc | C | C | C |
| identifier | tra-2020-63 | tra-2020-63 | tra-2020-63 |
| url | https://www.tenable.com/security/research/tra-2020-63 | https://www.tenable.com/security/research/tra-2020-63 | https://www.tenable.com/security/research/tra-2020-63 |
| confirm_url | https://success.trendmicro.com/solution/000281954 | https://success.trendmicro.com/solution/000281954 | https://success.trendmicro.com/solution/000281954 |
| cve | CVE-2020-28580 | CVE-2020-28580 | CVE-2020-28580 |
| date | 1605740400 (11/19/2020) | 1605740400 (11/19/2020) | 1605740400 (11/19/2020) |
| type | Anti-Malware Software | Anti-Malware Software | Anti-Malware Software |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | L | L | L |
| cvss2_vuldb_ci | P | P | P |
| cvss2_vuldb_ii | P | P | P |
| cvss2_vuldb_ai | P | P | P |
| cvss2_vuldb_rc | C | C | C |
| cvss2_vuldb_au | S | S | S |
| cvss2_vuldb_e | ND | ND | ND |
| cvss2_vuldb_rl | ND | ND | ND |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_e | X | X | X |
| cvss3_vuldb_rl | X | X | X |
| cvss2_vuldb_basescore | 6.5 | 6.5 | 6.5 |
| cvss2_vuldb_tempscore | 6.5 | 6.5 | 6.5 |
| cvss3_vuldb_basescore | 6.3 | 6.3 | 6.3 |
| cvss3_vuldb_tempscore | 6.3 | 6.3 | 6.3 |
| cvss3_meta_basescore | 6.3 | 6.3 | 6.7 |
| cvss3_meta_tempscore | 6.3 | 6.3 | 6.7 |
| price_0day | $5k-$25k | $5k-$25k | $5k-$25k |
| cve_assigned | | 1605222000 | 1605222000 |
| cve_nvd_summary | | A command injection vulnerability in AddVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges. | A command injection vulnerability in AddVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges. |
| cvss2_nvd_ai | | | C |
| cvss2_nvd_basescore | | | 9.0 |
| cvss3_nvd_basescore | | | 7.2 |
| cvss3_nvd_av | | | N |
| cvss3_nvd_ac | | | L |
| cvss3_nvd_pr | | | H |
| cvss3_nvd_ui | | | N |
| cvss3_nvd_s | | | U |
| cvss3_nvd_c | | | H |
| cvss3_nvd_i | | | H |
| cvss3_nvd_a | | | H |
| cvss2_nvd_av | | | N |
| cvss2_nvd_ac | | | L |
| cvss2_nvd_au | | | S |
| cvss2_nvd_ci | | | C |
| cvss2_nvd_ii | | | C |
