Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-14086

CWE-400Uncontrolled Resource Consumption4 documents4 sources
Severity
7.5HIGH
EPSS
14.2%
top 5.61%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Trend Micro Trend Micro OfficescanTrendmicro Officescan
Timeline
PublishedOct 6
Latest updateMay 13

Description

Pre-authorization Start Remote Process vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to start the fcgiOfcDDA.exe executable or cause a potential INI corruption, which may cause the server disk space to be consumed with dump files from continuous HTTP requests.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDtrendmicro/officescan11.0, 12.0+1
CVEListV5trend_micro/trend_micro_officescan11.0, XG (12.0)

Patches

Patch: success.trendmicro.comPatch: success.trendmicro.com

🔴Vulnerability Details

2
GHSA
GHSA-jp95-4qv6-mgv5: Pre-authorization Start Remote Process vulnerabilities in Trend Micro OfficeScan 112022-05-13
CVEList
CVE-2017-14086: Pre-authorization Start Remote Process vulnerabilities in Trend Micro OfficeScan 112017-10-05

💥Exploits & PoCs

1
Exploit-DB
Trend Micro OfficeScan 11.0/XG (12.0) - Code Execution / Memory Corruption2017-09-28
CVE-2017-14086 (HIGH CVSS 7.5) | Pre-authorization Start Remote Proc | cvebase.io