CVE-2017-6398 - OpenCVE

An issue was discovered in Trend Micro InterScan Messaging Security (Virtual Appliance) 9.1-1600. An authenticated user can execute a terminal command in the context of the web server user (which is root). Besides, the default installation of IMSVA comes with default administrator credentials. The saveCert.imss endpoint takes several user inputs and performs blacklisting. After that, it uses them as arguments to a predefined operating-system command without proper sanitization. However, because of an improper blacklisting rule, it's possible to inject arbitrary commands into it.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:S/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Trendmicro	Interscan Messaging Security Virtual Appliance

Configuration 1 [-]

cpe:2.3:a:trendmicro:interscan_messaging_security_virtual_appliance:9.1-1600:*:*:*:*:*:*:*

References

Link	Resource
http://www.securityfocus.com/bid/96859
https://www.rapid7.com/db/modules/exploit/linux/http/trend_micro_imsva_exec	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2017-03-14T09:02:00

Updated: 2017-03-15T09:57:01

Reserved: 2017-02-28T00:00:00

Link: CVE-2017-6398

JSON object: View

NVD Information

Status : Modified

Published: 2017-03-14T09:59:00.363

Modified: 2019-10-03T00:03:26.223

Link: CVE-2017-6398

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-03-14T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered in Trend Micro InterScan Messaging Security (Virtual Appliance) 9.1-1600. An authenticated user can execute a terminal command in the context of the web server user (which is root). Besides, the default installation of IMSVA comes with default administrator credentials. The saveCert.imss endpoint takes several user inputs and performs blacklisting. After that, it uses them as arguments to a predefined operating-system command without proper sanitization. However, because of an improper blacklisting rule, it's possible to inject arbitrary commands into it."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-03-15T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "96859", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/96859"}, {"tags": ["x_refsource_MISC"], "url": "https://www.rapid7.com/db/modules/exploit/linux/http/trend_micro_imsva_exec"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-6398", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in Trend Micro InterScan Messaging Security (Virtual Appliance) 9.1-1600. An authenticated user can execute a terminal command in the context of the web server user (which is root). Besides, the default installation of IMSVA comes with default administrator credentials. The saveCert.imss endpoint takes several user inputs and performs blacklisting. After that, it uses them as arguments to a predefined operating-system command without proper sanitization. However, because of an improper blacklisting rule, it's possible to inject arbitrary commands into it."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "96859", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96859"}, {"name": "https://www.rapid7.com/db/modules/exploit/linux/http/trend_micro_imsva_exec", "refsource": "MISC", "url": "https://www.rapid7.com/db/modules/exploit/linux/http/trend_micro_imsva_exec"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-6398", "datePublished": "2017-03-14T09:02:00", "dateReserved": "2017-02-28T00:00:00", "dateUpdated": "2017-03-15T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:trendmicro:interscan_messaging_security_virtual_appliance:9.1-1600:*:*:*:*:*:*:*", "matchCriteriaId": "75281083-D5B3-4223-8446-011DF492D762", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Trend Micro InterScan Messaging Security (Virtual Appliance) 9.1-1600. An authenticated user can execute a terminal command in the context of the web server user (which is root). Besides, the default installation of IMSVA comes with default administrator credentials. The saveCert.imss endpoint takes several user inputs and performs blacklisting. After that, it uses them as arguments to a predefined operating-system command without proper sanitization. However, because of an improper blacklisting rule, it's possible to inject arbitrary commands into it."}, {"lang": "es", "value": "Se ha descubierto un problema en Trend Micro InterScan Messaging Security (Virtual Appliance) 9.1-1600. Un usuario autenticado puede ejecutar un comando terminal en el contexto del usuario del servidor web (que es root). Adem\u00e1s, la instalaci\u00f3n prederteminada de IMSVA viene con credenciales de administrador predeterminadas. El punto final saveCert.imss toma varias entradas de usuario y realiza listas negras. Despu\u00e9s de esto, los utiliza como argumentos para un comando predefinido del sistema operativo sin la apropiada desinfecci\u00f3n. Sin embargo, debido a una regla de lista negra incorrecta, es posible inyectar comandos arbitrarios en \u00e9l."}], "id": "CVE-2017-6398", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-03-14T09:59:00.363", "references": [{"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/96859"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.rapid7.com/db/modules/exploit/linux/http/trend_micro_imsva_exec"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}, {"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}