CVE-2017-6398 - OpenCVE

An issue was discovered in Trend Micro InterScan Messaging Security (Virtual Appliance) 9.1-1600. An authenticated user can execute a terminal command in the context of the web server user (which is root). Besides, the default installation of IMSVA comes with default administrator credentials. The saveCert.imss endpoint takes several user inputs and performs blacklisting. After that, it uses them as arguments to a predefined operating-system command without proper sanitization. However, because of an improper blacklisting rule, it's possible to inject arbitrary commands into it.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:S/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Trendmicro	Interscan Messaging Security Virtual Appliance

Configuration 1 [-]

cpe:2.3:a:trendmicro:interscan_messaging_security_virtual_appliance:9.1-1600:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/96859
https://www.rapid7.com/db/modules/exploit/linux/http/trend_micro_imsva_exec

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-03-14T09:02:00

Updated: 2024-08-05T15:25:49.285Z

Reserved: 2017-02-28T00:00:00

Link: CVE-2017-6398

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-03-14T09:59:00.363

Modified: 2019-10-03T00:03:26.223

Link: CVE-2017-6398

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-03-14T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered in Trend Micro InterScan Messaging Security (Virtual Appliance) 9.1-1600. An authenticated user can execute a terminal command in the context of the web server user (which is root). Besides, the default installation of IMSVA comes with default administrator credentials. The saveCert.imss endpoint takes several user inputs and performs blacklisting. After that, it uses them as arguments to a predefined operating-system command without proper sanitization. However, because of an improper blacklisting rule, it's possible to inject arbitrary commands into it."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-03-15T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "96859", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/96859"}, {"tags": ["x_refsource_MISC"], "url": "https://www.rapid7.com/db/modules/exploit/linux/http/trend_micro_imsva_exec"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-6398", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in Trend Micro InterScan Messaging Security (Virtual Appliance) 9.1-1600. An authenticated user can execute a terminal command in the context of the web server user (which is root). Besides, the default installation of IMSVA comes with default administrator credentials. The saveCert.imss endpoint takes several user inputs and performs blacklisting. After that, it uses them as arguments to a predefined operating-system command without proper sanitization. However, because of an improper blacklisting rule, it's possible to inject arbitrary commands into it."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "96859", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96859"}, {"name": "https://www.rapid7.com/db/modules/exploit/linux/http/trend_micro_imsva_exec", "refsource": "MISC", "url": "https://www.rapid7.com/db/modules/exploit/linux/http/trend_micro_imsva_exec"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T15:25:49.285Z"}, "title": "CVE Program Container", "references": [{"name": "96859", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/96859"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.rapid7.com/db/modules/exploit/linux/http/trend_micro_imsva_exec"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-6398", "datePublished": "2017-03-14T09:02:00", "dateReserved": "2017-02-28T00:00:00", "dateUpdated": "2024-08-05T15:25:49.285Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:trendmicro:interscan_messaging_security_virtual_appliance:9.1-1600:*:*:*:*:*:*:*", "matchCriteriaId": "75281083-D5B3-4223-8446-011DF492D762", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in Trend Micro InterScan Messaging Security (Virtual Appliance) 9.1-1600. An authenticated user can execute a terminal command in the context of the web server user (which is root). Besides, the default installation of IMSVA comes with default administrator credentials. The saveCert.imss endpoint takes several user inputs and performs blacklisting. After that, it uses them as arguments to a predefined operating-system command without proper sanitization. However, because of an improper blacklisting rule, it's possible to inject arbitrary commands into it."}, {"lang": "es", "value": "Se ha descubierto un problema en Trend Micro InterScan Messaging Security (Virtual Appliance) 9.1-1600. Un usuario autenticado puede ejecutar un comando terminal en el contexto del usuario del servidor web (que es root). Adem\u00e1s, la instalaci\u00f3n prederteminada de IMSVA viene con credenciales de administrador predeterminadas. El punto final saveCert.imss toma varias entradas de usuario y realiza listas negras. Despu\u00e9s de esto, los utiliza como argumentos para un comando predefinido del sistema operativo sin la apropiada desinfecci\u00f3n. Sin embargo, debido a una regla de lista negra incorrecta, es posible inyectar comandos arbitrarios en \u00e9l."}], "id": "CVE-2017-6398", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-03-14T09:59:00.363", "references": [{"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/96859"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.rapid7.com/db/modules/exploit/linux/http/trend_micro_imsva_exec"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}, {"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}