CVE-2016-8586

Опубликовано: 28 апр. 2017

Источник: nvd

CVSS3: 8.8

CVSS2: 9

EPSS Низкий

Описание

detected_potential_files.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.

Ссылки

http://packetstormsecurity.com/files/142222/Trend-Micro-Threat-Discovery-Appliance-2.6.1062r1-detected_potential_files.cgi-Remote-Code-Execution.html
Exploit
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/98376
http://packetstormsecurity.com/files/142222/Trend-Micro-Threat-Discovery-Appliance-2.6.1062r1-detected_potential_files.cgi-Remote-Code-Execution.html
Exploit
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/98376

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:trendmicro:threat_discovery_appliance:*:r1:*:*:*:*:*:*

Версия до 2.6.1062 (включая)

EPSS

Процентиль: 87%

0.03537

Низкий

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-28xm-hhm6-jjxj