Lucene search

[email protected]NVD:CVE-2016-5840

HistoryJun 30, 2016 - 4:59 p.m.

CVE-2016-5840

2016-06-3016:59:11

CWE-20

[email protected]

web.nvd.nist.gov

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

High

0.028 Low

EPSS

Percentile

90.7%

JSON

hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, 3.8 SP1 (3.81), and 3.8 SP2 (3.82) allows remote administrators to execute arbitrary code via shell metacharacters in the filename parameter of the Content-Disposition header.

Affected configurations

NVD

Node

trend_microdeep_discovery_inspectorMatch3.7

trend_microdeep_discovery_inspectorMatch3.81

trend_microdeep_discovery_inspectorMatch3.82

References

esupport.trendmicro.com/solution/en-US/1114281.aspx

jvn.jp/en/jp/JVN55428526/index.html

jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000103.html

www.zerodayinitiative.com/advisories/ZDI-16-373

www.exploit-db.com/exploits/40180/

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

High

0.028 Low

EPSS

Percentile

90.7%

JSON

Related for NVD:CVE-2016-5840

zdt1 openvas1 zdi1 cve1 cvelist1 jvn1 prion1