exploitDog

CVE-2020-28581

Опубликовано: 18 нояб. 2020

Источник: nvd

CVSS3: 7.2

CVSS2: 9

EPSS Высокий

Описание

A command injection vulnerability in ModifyVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges.

Ссылки

https://success.trendmicro.com/solution/000281954
Vendor Advisory
https://www.tenable.com/security/research/tra-2020-63
Exploit
Third Party Advisory
https://success.trendmicro.com/solution/000281954
Vendor Advisory
https://www.tenable.com/security/research/tra-2020-63
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:trendmicro:interscan_web_security_virtual_appliance:6.5:sp2:*:*:*:*:*:*

EPSS

Процентиль: 99%

0.73422

Высокий

7.2 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-3f2m-pjf9-h8qx

github

больше 3 лет назад

A command injection vulnerability in ModifyVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges.

EPSS

Процентиль: 99%

0.73422

Высокий

7.2 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-78