CVE-2017-11393: Improper Input Validation in Trend Micro OfficeScan

Severity: 9.8 CRITICAL (NVD)
EPSS: 8.4% (top 7.65%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Aug 3
Latest update: May 17

Description

Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the tr parameter within Proxy.php. Formerly ZDI-CAN-4543.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (2 packages)

NVD: trendmicro/officescan 11.0, 12.0 +1
CVEListV5: trend_micro/trend_micro_officescan 11, XG (12)

Patches

Vulnerability Details (2)

GHSA
GHSA-cx8h-2r93-pmgw: Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable install (2022-05-17)
CVEList
CVE-2017-11393: Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable install (2017-08-03)
CVE-2017-11393 — Improper Input Validation in Trend | cvebase