CVE-2017-11392

CWE-77Command Injection3 documents3 sources
Severity
8.8HIGH
EPSS
73.9%
top 1.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Trend Micro Trend Micro Interscan Messaging Security Virtual ApplianceTrendmicro Interscan Messaging Security Virtual Appliance
Timeline
PublishedAug 3
Latest updateMay 17

Description

Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the "T" parameter within modTMCSS Proxy. Formerly ZDI-CAN-4745.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-c97v-9pfc-p975: Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 92022-05-17
CVEList
CVE-2017-11392: Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 92017-08-03
CVE-2017-11392 (HIGH CVSS 8.8) | Proxy command injection vulnerabili | cvebase.io