VDB-165140 · CVE-2020-28580 · tra-2020-63

Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 HTTP Message AddVLANItem os command injection

A vulnerability was found in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 (Anti-Malware Software). It has been rated as critical. Affected by this issue is the function AddVLANItem of the component HTTP Message Handler. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Field	11/19/2020 06:57 AM	12/08/2020 11:48 PM	12/08/2020 11:53 PM
vendor	Trend Micro	Trend Micro	Trend Micro
name	InterScan Web Security Virtual Appliance	InterScan Web Security Virtual Appliance	InterScan Web Security Virtual Appliance
version	6.5 SP2	6.5 SP2	6.5 SP2
component	HTTP Message Handler	HTTP Message Handler	HTTP Message Handler
function	AddVLANItem	AddVLANItem	AddVLANItem
cwe	78 (privilege escalation)	78 (privilege escalation)	78 (privilege escalation)
risk	2	2	2
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	L	L	L
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
cvss3_vuldb_rc	C	C	C
identifier	tra-2020-63	tra-2020-63	tra-2020-63
url	https://www.tenable.com/security/research/tra-2020-63	https://www.tenable.com/security/research/tra-2020-63	https://www.tenable.com/security/research/tra-2020-63
confirm_url	https://success.trendmicro.com/solution/000281954	https://success.trendmicro.com/solution/000281954	https://success.trendmicro.com/solution/000281954
cve	CVE-2020-28580	CVE-2020-28580	CVE-2020-28580
date	1605740400 (11/19/2020)	1605740400 (11/19/2020)	1605740400 (11/19/2020)
type	Anti-Malware Software	Anti-Malware Software	Anti-Malware Software
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss2_vuldb_rc	C	C	C
cvss2_vuldb_au	S	S	S
cvss2_vuldb_e	ND	ND	ND
cvss2_vuldb_rl	ND	ND	ND
cvss3_vuldb_s	U	U	U
cvss3_vuldb_e	X	X	X
cvss3_vuldb_rl	X	X	X
cvss2_vuldb_basescore	6.5	6.5	6.5
cvss2_vuldb_tempscore	6.5	6.5	6.5
cvss3_vuldb_basescore	6.3	6.3	6.3
cvss3_vuldb_tempscore	6.3	6.3	6.3
cvss3_meta_basescore	6.3	6.3	6.7
cvss3_meta_tempscore	6.3	6.3	6.7
price_0day	$5k-$25k	$5k-$25k	$5k-$25k
cve_assigned		1605222000	1605222000
cve_nvd_summary		A command injection vulnerability in AddVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges.	A command injection vulnerability in AddVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges.
cvss2_nvd_ai			C
cvss2_nvd_basescore			9.0
cvss3_nvd_basescore			7.2
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			H
cvss3_nvd_ui			N
cvss3_nvd_s			U
cvss3_nvd_c			H
cvss3_nvd_i			H
cvss3_nvd_a			H
cvss2_nvd_av			N
cvss2_nvd_ac			L
cvss2_nvd_au			S
cvss2_nvd_ci			C
cvss2_nvd_ii			C

◂ Previous Overview Next ▸

Do you know our Splunk app?

Download it now for free!