CVE-2016-8585

Опубликовано: 28 апр. 2017

Источник: nvd

CVSS3: 8.8

CVSS2: 9

EPSS Низкий

Описание

admin_sys_time.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the timezone parameter.

Ссылки

http://packetstormsecurity.com/files/142223/Trend-Micro-Threat-Discovery-Appliance-2.6.1062r1-admin_sys_time.cgi-Remote-Code-Execution.html
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/142224/Trend-Micro-Threat-Discovery-Appliance-2.6.1062r1-admin_sys_time.cgi-Remote-Code-Execution.html
Exploit
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/98342
http://packetstormsecurity.com/files/142223/Trend-Micro-Threat-Discovery-Appliance-2.6.1062r1-admin_sys_time.cgi-Remote-Code-Execution.html
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/142224/Trend-Micro-Threat-Discovery-Appliance-2.6.1062r1-admin_sys_time.cgi-Remote-Code-Execution.html
Exploit
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/98342

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:trendmicro:threat_discovery_appliance:*:r1:*:*:*:*:*:*

Версия до 2.6.1062 (включая)

EPSS

Процентиль: 91%

0.07254

Низкий

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-hj32-4j4q-x3j7