CVE-2017-9034

CWE-20Improper Input Validation3 documents3 sources
Severity
9.8CRITICAL
EPSS
5.6%
top 9.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Trendmicro Serverprotect
Timeline
PublishedMay 26
Latest updateMay 13

Description

Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to write to arbitrary files and consequently execute arbitrary code with root privileges by leveraging failure to validate software updates.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

Patches

Patch: success.trendmicro.comPatch: success.trendmicro.com

🔴Vulnerability Details

2
GHSA
GHSA-rc78-crmm-7f5v: Trend Micro ServerProtect for Linux 32022-05-13
CVEList
CVE-2017-9034: Trend Micro ServerProtect for Linux 32017-05-25
CVE-2017-9034 (CRITICAL CVSS 9.8) | Trend Micro ServerProtect for Linux | cvebase.io