Vulnerability Details : CVE-2017-6338
Potential exploit
Multiple Access Control issues in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 allow an authenticated, remote user with low privileges like 'Reports Only' or 'Auditor' to change FTP Access Control Settings, create or modify reports, or upload an HTTPS Decryption Certificate and Private Key.
Products affected by CVE-2017-6338
- cpe:2.3:a:trendmicro:interscan_web_security_virtual_appliance:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-6338
- 0.11%: Probability of exploitation activity in the next 30 days
- ~45%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-6338
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:N | 8.0 | 2.9 | NIST | |
6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 2.8 | 3.6 | NIST | |
CWE ids for CVE-2017-6338
- The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-6338
- http://www.securityfocus.com/bid/97482 : Trend Micro InterScan Web Security Virtual Appliance Privilege Escalation Vulnerability (Third Party Advisory; VDB Entry)
- https://www.qualys.com/2017/01/12/qsa-2017-01-12/qsa-2017-01-12.pdf : (Exploit; Technical Description; Third Party Advisory)
- https://success.trendmicro.com/solution/1116960 : Multiple Vulnerabilities - InterScan Web Security Virtual Appliance 6.5 (Patch; Vendor Advisory)