CVE-2018-6231

CWE-78 — OS Command Injection4 documents4 sources

Severity

9.8CRITICAL

EPSS

16.0%

top 5.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trendmicro Smart Protection Server Trend Micro Trend Micro Smart Protection Server (standalone)

Timeline

PublishedMar 15

Latest updateMay 13

Description

A server auth command injection authentication bypass vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.3 and below could allow remote attackers to escalate privileges on vulnerable installations.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5trend_micro/trend_micro_smart_protection_server_(standalone)3.0, 3.1, 3.2, 3.3

▶NVDtrendmicro/smart_protection_server3.3

🔴Vulnerability Details

GHSA

GHSA-cw4p-9wfm-98vg: A server auth command injection authentication bypass vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3↗2022-05-13

▶

CVEList

CVE-2018-6231: A server auth command injection authentication bypass vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3↗2018-03-15

▶