Trend Micro Threat Discovery Appliance CVE-2016-7552 Directory Traversal Vulnerability

Trend Micro Threat Discovery Appliance is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.

An attacker can exploit this issue using directory-traversal characters ('../') to access files outside of the restricted directory and perform other attacks.

Trend Micro Threat Discovery Appliance 2.6.1062r1 is vulnerable; other versions may also be affected.

Information

Bugtraq ID: 97599
Class: Input Validation Error
CVE: CVE-2016-7552

Remote: Yes
Local: No
Published: Apr 10 2017 12:00AM
Updated: Apr 10 2017 12:00AM
Credit: Steventhomasseeley and Roberto Suggi Liverani
Vulnerable: Trend Micro Threat Discovery Appliance 2.6.1062r1

Not Vulnerable:

Exploit

An attacker can use readily available commands and tools to exploit this issue.

References:

Trend Micro Homepage (Trend Micro)
Added CVE-2016-7552/CVE-2016-7547 exploit #8216 (GitHub)

Source: www.securityfocus.com

Exploit Collector

Search Exploit