var-201708-0983
Vulnerability from variot
Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the "t" parameter within modTMCSS Proxy. Formerly ZDI-CAN-4744. Zero Day Initiative Is vulnerable to this vulnerability ZDI-CAN-4744 Was numbered.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the modTMCSS Proxy functionality. An attacker can leverage this vulnerability to execute arbitrary code under the context of the imss user. that integrates anti-virus, anti-spyware and anti-phishing technologies to provide comprehensive protection for email applications. The issue presents itself when the 'VirusEvent' directive in the 'clamav.conf' configuration file has been enabled and the 'Dazuko' module is used with the antivirus software. Although unconfirmed, all versions of the application are assumed to vulnerable at the moment. This information will be updated as more details become available. Failed exploit attempts will result in a denial-of-service condition
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-0983",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "interscan messaging security virtual appliance",
"scope": "eq",
"trust": 1.7,
"vendor": "trend micro",
"version": "9.1"
},
{
"model": "interscan messaging security virtual appliance",
"scope": "eq",
"trust": 1.7,
"vendor": "trend micro",
"version": "9.0"
},
{
"model": "interscan messaging security virtual appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "trendmicro",
"version": "9.0"
},
{
"model": "interscan messaging security virtual appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "trendmicro",
"version": "9.1"
},
{
"model": "interscan messaging security",
"scope": null,
"trust": 0.7,
"vendor": "trend micro",
"version": null
},
{
"model": "anti-virus clamav",
"scope": "eq",
"trust": 0.3,
"vendor": "clam",
"version": "0.68-1"
},
{
"model": "anti-virus clamav",
"scope": "eq",
"trust": 0.3,
"vendor": "clam",
"version": "0.68"
},
{
"model": "anti-virus clamav",
"scope": "eq",
"trust": 0.3,
"vendor": "clam",
"version": "0.67"
},
{
"model": "anti-virus clamav",
"scope": "eq",
"trust": 0.3,
"vendor": "clam",
"version": "0.65"
},
{
"model": "anti-virus clamav",
"scope": "eq",
"trust": 0.3,
"vendor": "clam",
"version": "0.60"
},
{
"model": "anti-virus clamav",
"scope": "eq",
"trust": 0.3,
"vendor": "clam",
"version": "0.54"
},
{
"model": "anti-virus clamav",
"scope": "eq",
"trust": 0.3,
"vendor": "clam",
"version": "0.53"
},
{
"model": "anti-virus clamav",
"scope": "eq",
"trust": 0.3,
"vendor": "clam",
"version": "0.52"
},
{
"model": "anti-virus clamav",
"scope": "eq",
"trust": 0.3,
"vendor": "clam",
"version": "0.51"
},
{
"model": "anti-virus clamav",
"scope": "ne",
"trust": 0.3,
"vendor": "clam",
"version": "0.70"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-502"
},
{
"db": "CNVD",
"id": "CNVD-2017-21034"
},
{
"db": "BID",
"id": "10007"
},
{
"db": "BID",
"id": "100075"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006619"
},
{
"db": "NVD",
"id": "CVE-2017-11391"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-675"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trendmicro:interscan_messaging_security_virtual_appliance:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trendmicro:interscan_messaging_security_virtual_appliance:9.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-11391"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Steven Seeley (mr_me) of Offensive Security",
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-502"
}
],
"trust": 0.7
},
"cve": "CVE-2017-11391",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-11391",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 1.5,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2017-21034",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-11391",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-11391",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "ZDI",
"id": "CVE-2017-11391",
"trust": 0.7,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2017-21034",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201707-675",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-502"
},
{
"db": "CNVD",
"id": "CNVD-2017-21034"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006619"
},
{
"db": "NVD",
"id": "CVE-2017-11391"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-675"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the \"t\" parameter within modTMCSS Proxy. Formerly ZDI-CAN-4744. Zero Day Initiative Is vulnerable to this vulnerability ZDI-CAN-4744 Was numbered.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the modTMCSS Proxy functionality. An attacker can leverage this vulnerability to execute arbitrary code under the context of the imss user. that integrates anti-virus, anti-spyware and anti-phishing technologies to provide comprehensive protection for email applications. The issue presents itself when the \u0027VirusEvent\u0027 directive in the \u0027clamav.conf\u0027 configuration file has been enabled and the \u0027Dazuko\u0027 module is used with the antivirus software. \nAlthough unconfirmed, all versions of the application are assumed to vulnerable at the moment. This information will be updated as more details become available. Failed exploit attempts will result in a denial-of-service condition",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-11391"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006619"
},
{
"db": "ZDI",
"id": "ZDI-17-502"
},
{
"db": "CNVD",
"id": "CNVD-2017-21034"
},
{
"db": "BID",
"id": "10007"
},
{
"db": "BID",
"id": "100075"
}
],
"trust": 3.33
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-11391",
"trust": 4.0
},
{
"db": "ZDI",
"id": "ZDI-17-502",
"trust": 3.2
},
{
"db": "BID",
"id": "100075",
"trust": 1.3
},
{
"db": "BID",
"id": "10007",
"trust": 0.9
},
{
"db": "JVN",
"id": "JVNVU94207433",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU98736894",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006619",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-4744",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-21034",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201707-675",
"trust": 0.6
},
{
"db": "ZDI",
"id": "ZDI-17-504",
"trust": 0.3
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-502"
},
{
"db": "CNVD",
"id": "CNVD-2017-21034"
},
{
"db": "BID",
"id": "10007"
},
{
"db": "BID",
"id": "100075"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006619"
},
{
"db": "NVD",
"id": "CVE-2017-11391"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-675"
}
]
},
"id": "VAR-201708-0983",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-21034"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-21034"
}
]
},
"last_update_date": "2023-12-18T12:44:28.294000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Solution ID: 1117723",
"trust": 1.5,
"url": "https://success.trendmicro.com/solution/1117723"
},
{
"title": "TrendMicroInterScanMessagingSecurityVirtualAppliance command to inject vulnerability patches",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/100116"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-502"
},
{
"db": "CNVD",
"id": "CNVD-2017-21034"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006619"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006619"
},
{
"db": "NVD",
"id": "CVE-2017-11391"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://success.trendmicro.com/solution/1117723"
},
{
"trust": 2.2,
"url": "http://www.zerodayinitiative.com/advisories/zdi-17-502"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/100075"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-11391"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu94207433/"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu98736894/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-11391"
},
{
"trust": 0.3,
"url": "http://www.clamav.net/"
},
{
"trust": 0.3,
"url": "/archive/1/359017"
},
{
"trust": 0.3,
"url": "http://www.trend.com"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-17-502/"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-17-504/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-502"
},
{
"db": "CNVD",
"id": "CNVD-2017-21034"
},
{
"db": "BID",
"id": "10007"
},
{
"db": "BID",
"id": "100075"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006619"
},
{
"db": "NVD",
"id": "CVE-2017-11391"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-675"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-17-502"
},
{
"db": "CNVD",
"id": "CNVD-2017-21034"
},
{
"db": "BID",
"id": "10007"
},
{
"db": "BID",
"id": "100075"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006619"
},
{
"db": "NVD",
"id": "CVE-2017-11391"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-675"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-31T00:00:00",
"db": "ZDI",
"id": "ZDI-17-502"
},
{
"date": "2017-08-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-21034"
},
{
"date": "2004-03-30T00:00:00",
"db": "BID",
"id": "10007"
},
{
"date": "2017-07-31T00:00:00",
"db": "BID",
"id": "100075"
},
{
"date": "2017-08-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006619"
},
{
"date": "2017-08-03T15:29:00.327000",
"db": "NVD",
"id": "CVE-2017-11391"
},
{
"date": "2017-07-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-675"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-31T00:00:00",
"db": "ZDI",
"id": "ZDI-17-502"
},
{
"date": "2017-08-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-21034"
},
{
"date": "2004-03-30T00:00:00",
"db": "BID",
"id": "10007"
},
{
"date": "2017-07-31T00:00:00",
"db": "BID",
"id": "100075"
},
{
"date": "2017-12-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006619"
},
{
"date": "2017-08-07T22:12:49.323000",
"db": "NVD",
"id": "CVE-2017-11391"
},
{
"date": "2017-08-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-675"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-675"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Trend Micro InterScan Messaging Security Virtual Appliance Command Injection Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-21034"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006619"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-675"
}
],
"trust": 2.0
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-675"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.