Trend Micro Threat Discovery Appliance CVE-2016-8591 Command Injection Vulnerability



Trend Micro Threat Discovery Appliance is prone to a remote command-injection vulnerability.

An attacker may exploit this issue to execute arbitrary code within the context of the affected application; this may aid in further attacks.

Trend Micro Threat Discovery Appliance 2.6.1062r1 is vulnerable; other versions may also be affected.

Information

Bugtraq ID: 98343
Class: Design Error
CVE: CVE-2016-8591

Remote: Yes
Local: No
Published: Apr 20 2017 12:00AM
Updated: May 09 2017 03:07PM
Credit: Steven Seeley of Source Incite & Roberto Suggi Liverani
Vulnerable: Trend Micro Threat Discovery Appliance 2.6.1062r1


Not Vulnerable:

Exploit


The researcher has created a proof-of-concept code to demonstrate the issue. Please see the references for more information.


Related Posts