Trend Micro InterScan Web Security Virtual Appliance Privilege Escalation Vulnerability

Trend Micro InterScan Web Security Virtual Appliance is prone to a privilege-escalation vulnerability.

An attacker can exploit this issue to gain elevated privileges.

Information

Bugtraq ID: 97482
Class: Design Error
CVE: CVE-2017-6338

Remote: Yes
Local: No
Published: Apr 04 2017 12:00AM
Credit: Kapil Khot of Qualys.
Vulnerable: Trend Micro InterScan Web Security Virtual Appliance 6.5-SP2 CP 1739
Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 CP Build 162
Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2
Trend Micro InterScan Web Security Virtual Appliance 6.5 CP 1737
Trend Micro InterScan Web Security Virtual Appliance 6.5

Not Vulnerable: Trend Micro InterScan Web Security Virtual Appliance 6.5 CP 1746

Exploit

The researcher who discovered this issue has created a proof-of-concept. Please see the references for more information.

References:

Multiple Vulnerabilities in Trend Micro Interscan Web Security Virtual Appliance (Qualys)
Trend Micro Homepage (Trend Micro)
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 Multiple Vulner (Trend Micro)

Source: www.securityfocus.com

Exploit Collector

Search Exploit