CVE-2017-6339 - OpenCVE

Vendors	Products
Trendmicro	Interscan Web Security Virtual Appliance

Link	Providers
http://www.securityfocus.com/bid/97492
https://success.trendmicro.com/solution/1116960
https://www.qualys.com/2017/01/12/qsa-2017-01-12/qsa-2017-01-12.pdf

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-04-05T00:00:00", "descriptions": [{"lang": "en", "value": "Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 mismanages certain key and certificate data. Per IWSVA documentation, by default, IWSVA acts as a private Certificate Authority (CA) and dynamically generates digital certificates that are sent to client browsers to complete a secure passage for HTTPS connections. It also allows administrators to upload their own certificates signed by a root CA. An attacker with low privileges can download the current CA certificate and Private Key (either the default ones or ones uploaded by administrators) and use those to decrypt HTTPS traffic, thus compromising confidentiality. Also, the default Private Key on this appliance is encrypted with a very weak passphrase. If an appliance uses the default Certificate and Private Key provided by Trend Micro, an attacker can simply download these and decrypt the Private Key using the default/weak passphrase."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-04-10T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://success.trendmicro.com/solution/1116960"}, {"name": "97492", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/97492"}, {"tags": ["x_refsource_MISC"], "url": "https://www.qualys.com/2017/01/12/qsa-2017-01-12/qsa-2017-01-12.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-6339", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 mismanages certain key and certificate data. Per IWSVA documentation, by default, IWSVA acts as a private Certificate Authority (CA) and dynamically generates digital certificates that are sent to client browsers to complete a secure passage for HTTPS connections. It also allows administrators to upload their own certificates signed by a root CA. An attacker with low privileges can download the current CA certificate and Private Key (either the default ones or ones uploaded by administrators) and use those to decrypt HTTPS traffic, thus compromising confidentiality. Also, the default Private Key on this appliance is encrypted with a very weak passphrase. If an appliance uses the default Certificate and Private Key provided by Trend Micro, an attacker can simply download these and decrypt the Private Key using the default/weak passphrase."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://success.trendmicro.com/solution/1116960", "refsource": "MISC", "url": "https://success.trendmicro.com/solution/1116960"}, {"name": "97492", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97492"}, {"name": "https://www.qualys.com/2017/01/12/qsa-2017-01-12/qsa-2017-01-12.pdf", "refsource": "MISC", "url": "https://www.qualys.com/2017/01/12/qsa-2017-01-12/qsa-2017-01-12.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T15:25:49.143Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://success.trendmicro.com/solution/1116960"}, {"name": "97492", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/97492"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.qualys.com/2017/01/12/qsa-2017-01-12/qsa-2017-01-12.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-6339", "datePublished": "2017-04-05T16:00:00", "dateReserved": "2017-02-26T00:00:00", "dateUpdated": "2024-08-05T15:25:49.143Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:trendmicro:interscan_web_security_virtual_appliance:*:*:*:*:*:*:*:*", "matchCriteriaId": "13E40CEF-289B-4946-AFAD-D247C5EEE20C", "versionEndIncluding": "6.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 mismanages certain key and certificate data. Per IWSVA documentation, by default, IWSVA acts as a private Certificate Authority (CA) and dynamically generates digital certificates that are sent to client browsers to complete a secure passage for HTTPS connections. It also allows administrators to upload their own certificates signed by a root CA. An attacker with low privileges can download the current CA certificate and Private Key (either the default ones or ones uploaded by administrators) and use those to decrypt HTTPS traffic, thus compromising confidentiality. Also, the default Private Key on this appliance is encrypted with a very weak passphrase. If an appliance uses the default Certificate and Private Key provided by Trend Micro, an attacker can simply download these and decrypt the Private Key using the default/weak passphrase."}, {"lang": "es", "value": "El dispositivo virtual de InterScan Web Security de Trend Micro (IWSVA) 6.5 en versiones anteriores a CP 1746 maneja mal ciertos datos de clave y certificado. Por IWSVA, por defecto, IWSVA act\u00faa como una entidad de certificaci\u00f3n privada (CA) y genera din\u00e1micamente certificados digitales que se env\u00edan a los navegadores de cliente para completar un paso seguro para conexiones HTTPS. Tambi\u00e9n permite a los administradores cargar sus propios certificados firmados por una root CA. Un atacante con privilegios bajos puede descargar el certificado actual de la CA y la clave privada (ya sea los predeterminados o los subidos por los administradores) y utilizarlos para descifrar el tr\u00e1fico HTTPS, comprometiendo as\u00ed la confidencialidad. Adem\u00e1s, la clave privada predeterminada de este dispositivo se cifra con una contrase\u00f1a muy d\u00e9bil. Si un dispositivo utiliza el certificado predeterminado y la clave privada proporcionada por Trend Micro, un atacante puede simplemente descargarlos y descifrar la clave privada usando la contrase\u00f1a predeterminada/d\u00e9bil."}], "id": "CVE-2017-6339", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-04-05T16:59:00.223", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/97492"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://success.trendmicro.com/solution/1116960"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "url": "https://www.qualys.com/2017/01/12/qsa-2017-01-12/qsa-2017-01-12.pdf"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}, {"lang": "en", "value": "CWE-521"}], "source": "nvd@nist.gov", "type": "Primary"}]}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object