CVE-2020-8466: OS Command Injection in Trend Micro InterScan Web Security Virtual Appliance

Severity: 9.8 CRITICAL (NVD)
EPSS: 27.3% (top 3.60%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Dec 17
Latest update: May 24

Description

A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, with the improved password hashing method enabled, could allow an unauthenticated attacker to execute certain commands by providing a manipulated password.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

🔴 Vulnerability Details (2)

GHSA: GHSA-c8qx-8jr7-qrj4: A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6 (2022-05-24)
CVEList: CVE-2020-8466: A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6 (2020-12-17)

🔍 Detection Rules (1)

Suricata: ET EXPLOIT Trend Micro IWSVA Unauthenticated Command Injection Inbound (CVE-2020-8466) (2021-04-08)