CVE-2020-28580

CWE-78OS Command Injection3 documents3 sources
Severity
7.2HIGH
EPSS
73.4%
top 1.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Trend Micro Trend Micro Interscan WEB Security Virtual ApplianceTrendmicro Interscan WEB Security Virtual Appliance
Timeline
PublishedNov 18
Latest updateMay 24

Description

A command injection vulnerability in AddVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-3946-qxr3-66h7: A command injection vulnerability in AddVLANItem of Trend Micro InterScan Web Security Virtual Appliance 62022-05-24
CVEList
CVE-2020-28580: A command injection vulnerability in AddVLANItem of Trend Micro InterScan Web Security Virtual Appliance 62020-11-18
CVE-2020-28580 (HIGH CVSS 7.2) | A command injection vulnerability i | cvebase.io