CVE-2017-11381 — OS Command Injection in Micro INC Trend Micro Deep Discovery Director

CWE-78 — OS Command Injection3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

18.5%

top 4.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trend Micro INC Trend Micro Deep Discovery Director Trendmicro Deep Discovery Director

Timeline

PublishedAug 1

Latest updateMay 13

Description

A command injection vulnerability exists in Trend Micro Deep Discovery Director 1.1 that allows an attacker to restore accounts that can access the pre-configuration console.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDtrendmicro/deep_discovery_director1.1

▶CVEListV5trend_micro_inc/trend_micro_deep_discovery_director1.1

Patches

Patch: success.trendmicro.com ↗Patch: success.trendmicro.com ↗

🔴Vulnerability Details

GHSA

GHSA-2w6q-m8h4-hw6m: A command injection vulnerability exists in Trend Micro Deep Discovery Director 1↗2022-05-13

▶

CVEList

CVE-2017-11381: A command injection vulnerability exists in Trend Micro Deep Discovery Director 1↗2017-08-01

▶