Vulnerability Details : CVE-2016-9269
Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to run arbitrary commands on the system as root via the Patch Update functionality. This was resolved in Version 6.5 CP 1737.
Products affected by CVE-2016-9269
- cpe:2.3:a:trendmicro:interscan_web_security_virtual_appliance:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-9269
- 0.35%: probability of exploitation activity in the next 30 days
- ~68%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-9269
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.0 | HIGH | AV:N/AC:L/Au:S/C:C/I:C/A:C | 8.0 | 10.0 | NIST | |
9.9 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | 3.1 | 6.0 | NIST | |
CWE ids for CVE-2016-9269
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-9269
- http://www.securityfocus.com/bid/96252
  Trend Micro InterScan Web Security Virtual Appliance Multiple Security vulnerabilities
- http://www.securitytracker.com/id/1037849
  Trend Micro InterScan Web Security Virtual Appliance Bugs Let Remote Users Conduct Cross-Site Scripting Attacks and Let Remote Authenticated Users Execute Arbitrary Commands and Gain Elevated Privileg
- https://success.trendmicro.com/solution/1116672
  Apply Critical Patch 1737 to resolve vulnerabilities - IWSVA (Patch; Vendor Advisory)