CVE-2017-11395

CWE-78 — OS Command Injection3 documents3 sources

Severity

8.8HIGH

EPSS

8.5%

top 7.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trend Micro Smart Protection Server (standalone)Trendmicro Smart Protection Server

Timeline

PublishedSep 22

Latest updateMay 13

Description

Command injection vulnerability in Trend Micro Smart Protection Server (Standalone) 3.1 and 3.2 server administration UI allows attackers with authenticated access to execute arbitrary code on vulnerable installations.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5trend_micro/smart_protection_server_(standalone)3.1, 3.2+1

▶NVDtrendmicro/smart_protection_server3.1, 3.2+1

Patches

Patch: success.trendmicro.com ↗Patch: success.trendmicro.com ↗

🔴Vulnerability Details

GHSA

GHSA-gjxh-6cmw-9vh2: Command injection vulnerability in Trend Micro Smart Protection Server (Standalone) 3↗2022-05-13

▶

CVEList

CVE-2017-11395: Command injection vulnerability in Trend Micro Smart Protection Server (Standalone) 3↗2017-09-22

▶