This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.TRENDMICRO_WFBS_CVE-2020-28574.NBINTrend Micro Worry-Free Business Security Remote File Deletion (000281948)
6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
0.003 Low
EPSS
Percentile
71.4%
The Trend Micro Worry-Free Business Security (WFBS) is affected by a remote file deletion vulnerability in cgiLog.exe due to improper validation of a user-supplied path prior to using it in a file operation when handling the BinaryDataBlock parameter in an HTTP request. An unauthenticated, remote attacker can exploit this, via a specially crafted message, to delete arbitrary files on the system.
Note that the application is reportedly affected by other vulnerabilities; however, this plugin has not tested for those issues.
Binary data trendmicro_wfbs_cve-2020-28574.nbin| Vendor | Product | Version | CPE |
|---|---|---|---|
| trendmicro | worry-free_business_security | cpe:/a:trendmicro:worry-free_business_security |
Related
6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
0.003 Low
EPSS
Percentile
71.4%