CVE-2017-14081

Опубликовано: 22 сент. 2017

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Средний

Описание

Proxy command injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations.

Ссылки

http://www.securityfocus.com/bid/100969
Third Party Advisory
VDB Entry
http://www.zerodayinitiative.com/advisories/ZDI-17-752
Third Party Advisory
VDB Entry
http://www.zerodayinitiative.com/advisories/ZDI-17-774
Third Party Advisory
VDB Entry
https://success.trendmicro.com/solution/1118224
Patch
Vendor Advisory
http://www.securityfocus.com/bid/100969
Third Party Advisory
VDB Entry
http://www.zerodayinitiative.com/advisories/ZDI-17-752
Third Party Advisory
VDB Entry
http://www.zerodayinitiative.com/advisories/ZDI-17-774
Third Party Advisory
VDB Entry
https://success.trendmicro.com/solution/1118224
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:trendmicro:mobile_security:*:*:*:*:enterprise:*:*:*

Версия до 9.7 (включая)

EPSS

Процентиль: 94%

0.13341

Средний

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-77

Связанные уязвимости

GHSA-rpjm-v5w4-ccc9