CVE-2017-11394 : Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) a

Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the T parameter within Proxy.php. Formerly ZDI-CAN-4544.

Published 2017-08-03 15:29:00

Updated 2017-10-14 01:29:00

Source Trend Micro, Inc.

View at NVD, CVE.org

Vulnerability category: Input validationExecute code

Products affected by CVE-2017-11394

Trendmicro » Officescan » Version: 11.0 Update SP1
cpe:2.3:a:trendmicro:officescan:11.0:sp1:*:*:*:*:*:*
Matching versions
Trendmicro » Officescan » Version: 12.0
cpe:2.3:a:trendmicro:officescan:12.0:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2017-11394

EPSS FAQ

81.49%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 99 %

Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2017-11394

Trend Micro OfficeScan Remote Code Execution

Disclosure Date: 2017-10-07

First seen: 2020-04-26

exploit/windows/http/trendmicro_officescan_widget_exec

This module exploits the authentication bypass and command injection vulnerability together. Unauthenticated users can execute a terminal command under the context of the web server user. The specific flaw exists within the management interface, which listens on TCP port 44

More information

CVSS scores for CVE-2017-11394

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
9.8	CRITICAL	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2017-11394

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2017-11394

https://www.exploit-db.com/exploits/42971/

Trend Micro OfficeScan 11.0/XG (12.0) - Remote Code Execution (Metasploit)
http://www.securityfocus.com/bid/100130

Trend Micro OfficeScan 'Proxy.php' Command Injection Vulnerability
Third Party Advisory;VDB Entry
https://success.trendmicro.com/solution/1117769

Resolve multiple XSS and RCE vulnerabilities - OfficeScan
Mitigation;Patch;Vendor Advisory

CVEs referencing this url
http://www.zerodayinitiative.com/advisories/ZDI-17-521

ZDI-17-521 | Zero Day Initiative
Third Party Advisory;VDB Entry

Jump to