Trend Micro Threat Discovery Appliance CVE-2016-8592 Command Injection Vulnerability

Trend Micro Threat Discovery Appliance is prone to a remote command-injection vulnerability.

An attacker may exploit this issue to execute arbitrary code within the context of the affected application; this may aid in further attacks.

Trend Micro Threat Discovery Appliance 2.6.1062r1 is vulnerable; other versions may also be affected.

Information

Bugtraq ID: 98345
Class: Design Error
CVE: CVE-2016-8592

Remote: Yes
Local: No
Published: Apr 20 2017 12:00AM
Updated: May 09 2017 03:07PM
Credit: Steven Seeley of Source Incite & Roberto Suggi Liverani
Vulnerable: Trend Micro Threat Discovery Appliance 2.6.1062r1

Not Vulnerable:

Exploit

The researcher has created a proof-of-concept code to demonstrate the issue. Please see the references for more information.

References:

Trend Micro Homepage (Trend Micro)
CVE-2016-8592 - Trend Micro Threat Discovery Appliance (GitHub)

Source: www.securityfocus.com

Exploit Collector

Search Exploit