Описание
SnmpUtils in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) spare_Community, (2) spare_AllowGroupIP, or (3) spare_AllowGroupNetmask parameter to admin_notification.php.
Ссылки
- ExploitTechnical DescriptionThird Party Advisory
- MitigationPatchVendor Advisory
- ExploitTechnical DescriptionThird Party Advisory
- MitigationPatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:trendmicro:smart_protection_server:2.5:*:*:*:*:*:*:*
cpe:2.3:a:trendmicro:smart_protection_server:2.6:*:*:*:*:*:*:*
cpe:2.3:a:trendmicro:smart_protection_server:3.0:*:*:*:*:*:*:*
EPSS
Процентиль: 99%
0.72519
Высокий
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-20
Связанные уязвимости
CVSS3: 8.8
github
больше 3 лет назад
SnmpUtils in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) spare_Community, (2) spare_AllowGroupIP, or (3) spare_AllowGroupNetmask parameter to admin_notification.php.
EPSS
Процентиль: 99%
0.72519
Высокий
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-20