Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2020-8605

CWE-78OS Command Injection4 documents4 sources
Severity
8.8HIGH
EPSS
89.5%
top 0.45%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Trend Micro Trend Micro Interscan WEB Security Virtual ApplianceTrendmicro Interscan WEB Security Virtual Appliance
Timeline
PublishedMay 27
Latest updateMay 24

Description

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to execute arbitrary code on affected installations. Authentication is required to exploit this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

Patches

Patch: success.trendmicro.comPatch: success.trendmicro.com

🔴Vulnerability Details

2
GHSA
GHSA-8phw-63g4-q6pq: A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 62022-05-24
CVEList
CVE-2020-8605: A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 62020-05-27

💥Exploits & PoCs

1
Exploit-DB
Trend Micro Web Security Virtual Appliance 6.5 SP2 Patch 4 Build 1901 - Remote Code Execution (Metasploit)2020-07-14
CVE-2020-8605 (HIGH CVSS 8.8) | A vulnerability in Trend Micro Inte | cvebase.io