CVE-2017-11392

2017-08-03T15:29:00

Description

Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the "T" parameter within modTMCSS Proxy. Formerly ZDI-CAN-4745.

Affected Software

CPE Name	Name	Version
trendmicro:interscan_messaging_security_virtual_appliance	trendmicro interscan messaging security virtual appliance	9.0
trendmicro:interscan_messaging_security_virtual_appliance	trendmicro interscan messaging security virtual appliance	9.1

{"id": "CVE-2017-11392", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2017-11392", "description": "Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the \"T\" parameter within modTMCSS Proxy. Formerly ZDI-CAN-4745.", "published": "2017-08-03T15:29:00", "modified": "2017-08-05T01:29:00", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 6.5}, "severity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11392", "reporter": "security@trendmicro.com", "references": ["https://success.trendmicro.com/solution/1117723", "http://www.zerodayinitiative.com/advisories/ZDI-17-504", "http://www.securityfocus.com/bid/100075"], "cvelist": ["CVE-2017-11392"], "immutableFields": [], "lastseen": "2023-02-08T15:44:08", "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "zdi", "idList": ["ZDI-17-504"]}], "rev": 4}, "score": {"value": 7.1, "vector": "NONE"}, "backreferences": {"references": [{"type": "zdi", "idList": ["ZDI-17-504"]}]}, "exploitation": null, "affected_software": {"major_version": [{"name": "trendmicro interscan messaging security virtual appliance", "version": 9}, {"name": "trendmicro interscan messaging security virtual appliance", "version": 9}]}, "epss": [{"cve": "CVE-2017-11392", "epss": "0.031090000", "percentile": "0.895400000", "modified": "2023-03-14"}], "vulnersScore": 7.1}, "_state": {"dependencies": 1675871168, "score": 1675871070, "affected_software_major_version": 1677268883, "epss": 1678838010}, "_internal": {"score_hash": "b59aa6cd5e74702be44d6e8fece0d0c4"}, "cna_cvss": {"cna": null, "cvss": {}}, "cpe": ["cpe:/a:trendmicro:interscan_messaging_security_virtual_appliance:9.1", "cpe:/a:trendmicro:interscan_messaging_security_virtual_appliance:9.0"], "cpe23": ["cpe:2.3:a:trendmicro:interscan_messaging_security_virtual_appliance:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:trendmicro:interscan_messaging_security_virtual_appliance:9.1:*:*:*:*:*:*:*"], "cwe": ["CWE-77"], "affectedSoftware": [{"cpeName": "trendmicro:interscan_messaging_security_virtual_appliance", "version": "9.0", "operator": "eq", "name": "trendmicro interscan messaging security virtual appliance"}, {"cpeName": "trendmicro:interscan_messaging_security_virtual_appliance", "version": "9.1", "operator": "eq", "name": "trendmicro interscan messaging security virtual appliance"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:trendmicro:interscan_messaging_security_virtual_appliance:9.0:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:trendmicro:interscan_messaging_security_virtual_appliance:9.1:*:*:*:*:*:*:*", "cpe_name": []}]}]}, "extraReferences": [{"url": "https://success.trendmicro.com/solution/1117723", "name": "https://success.trendmicro.com/solution/1117723", "refsource": "MISC", "tags": ["Vendor Advisory"]}, {"url": "http://www.zerodayinitiative.com/advisories/ZDI-17-504", "name": "http://www.zerodayinitiative.com/advisories/ZDI-17-504", "refsource": "MISC", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "http://www.securityfocus.com/bid/100075", "name": "100075", "refsource": "BID", "tags": []}], "product_info": [{"vendor": "Trend Micro", "product": "Trend Micro InterScan Messaging Security Virtual Appliance"}]}

{"zdi": [{"lastseen": "2022-01-31T21:32:33", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Messaging Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the modTMCSS Proxy functionality. When parsing the \"T\" parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute arbitrary code under the context of the imss user.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-07-31T00:00:00", "type": "zdi", "title": "Trend Micro InterScan Messaging Security Proxy Command Injection Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11392"], "modified": "2017-07-31T00:00:00", "id": "ZDI-17-504", "href": "https://www.zerodayinitiative.com/advisories/ZDI-17-504/", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}]}

CVE-2017-11392

Description

Affected Software

Related