CVE-2017-14079

Опубликовано: 22 сент. 2017

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Средний

Описание

Unrestricted file uploads in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations.

Ссылки

http://www.securityfocus.com/bid/100970
Third Party Advisory
VDB Entry
http://www.zerodayinitiative.com/advisories/ZDI-17-785
Third Party Advisory
VDB Entry
http://www.zerodayinitiative.com/advisories/ZDI-17-789
Third Party Advisory
VDB Entry
http://www.zerodayinitiative.com/advisories/ZDI-17-790
Third Party Advisory
VDB Entry
http://www.zerodayinitiative.com/advisories/ZDI-17-807
Third Party Advisory
VDB Entry
https://success.trendmicro.com/solution/1118224
Mitigation
Patch
Vendor Advisory
http://www.securityfocus.com/bid/100970
Third Party Advisory
VDB Entry
http://www.zerodayinitiative.com/advisories/ZDI-17-785
Third Party Advisory
VDB Entry
http://www.zerodayinitiative.com/advisories/ZDI-17-789
Third Party Advisory
VDB Entry
http://www.zerodayinitiative.com/advisories/ZDI-17-790
Third Party Advisory
VDB Entry
http://www.zerodayinitiative.com/advisories/ZDI-17-807
Third Party Advisory
VDB Entry
https://success.trendmicro.com/solution/1118224
Mitigation
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:trendmicro:mobile_security:9.7:*:*:*:enterprise:*:*:*

EPSS

Процентиль: 94%

0.13237

Средний

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-434

Связанные уязвимости

GHSA-r3f8-9g3v-mr64