VAR-201708-0983
Vulnerability from variot - Updated: 2023-12-18 12:44
Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the "t" parameter within modTMCSS Proxy. Formerly ZDI-CAN-4744. Zero Day Initiative numbered this vulnerability ZDI-CAN-4744. Information may be obtained or altered, and service operation may be disrupted (DoS). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the modTMCSS Proxy functionality. An attacker can leverage this vulnerability to execute arbitrary code under the context of the imss user. The affected product integrates anti-virus, anti-spyware and anti-phishing technologies to provide comprehensive protection for email applications. The issue presents itself when the 'VirusEvent' directive in the 'clamav.conf' configuration file has been enabled and the 'Dazuko' module is used with the antivirus software. Although unconfirmed, all versions of the application are assumed to be vulnerable at the moment. This information will be updated as more details become available. Failed exploit attempts will result in a denial-of-service condition. (Note: the sentences about 'VirusEvent', 'clamav.conf' and 'Dazuko' appear to originate from the separately listed BID 10007 source, dated 2004-03-30, rather than from CVE-2017-11391; when scoping exposure, treat them and the ClamAV rows under affected_products as probable aggregation noise and rely on the NVD CPE entries for InterScan Messaging Security Virtual Appliance 9.0 and 9.1.)
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-0983",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "interscan messaging security virtual appliance",
"scope": "eq",
"trust": 1.7,
"vendor": "trend micro",
"version": "9.1"
},
{
"model": "interscan messaging security virtual appliance",
"scope": "eq",
"trust": 1.7,
"vendor": "trend micro",
"version": "9.0"
},
{
"model": "interscan messaging security virtual appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "trendmicro",
"version": "9.0"
},
{
"model": "interscan messaging security virtual appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "trendmicro",
"version": "9.1"
},
{
"model": "interscan messaging security",
"scope": null,
"trust": 0.7,
"vendor": "trend micro",
"version": null
},
{
"model": "anti-virus clamav",
"scope": "eq",
"trust": 0.3,
"vendor": "clam",
"version": "0.68-1"
},
{
"model": "anti-virus clamav",
"scope": "eq",
"trust": 0.3,
"vendor": "clam",
"version": "0.68"
},
{
"model": "anti-virus clamav",
"scope": "eq",
"trust": 0.3,
"vendor": "clam",
"version": "0.67"
},
{
"model": "anti-virus clamav",
"scope": "eq",
"trust": 0.3,
"vendor": "clam",
"version": "0.65"
},
{
"model": "anti-virus clamav",
"scope": "eq",
"trust": 0.3,
"vendor": "clam",
"version": "0.60"
},
{
"model": "anti-virus clamav",
"scope": "eq",
"trust": 0.3,
"vendor": "clam",
"version": "0.54"
},
{
"model": "anti-virus clamav",
"scope": "eq",
"trust": 0.3,
"vendor": "clam",
"version": "0.53"
},
{
"model": "anti-virus clamav",
"scope": "eq",
"trust": 0.3,
"vendor": "clam",
"version": "0.52"
},
{
"model": "anti-virus clamav",
"scope": "eq",
"trust": 0.3,
"vendor": "clam",
"version": "0.51"
},
{
"model": "anti-virus clamav",
"scope": "ne",
"trust": 0.3,
"vendor": "clam",
"version": "0.70"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-502"
},
{
"db": "CNVD",
"id": "CNVD-2017-21034"
},
{
"db": "BID",
"id": "10007"
},
{
"db": "BID",
"id": "100075"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006619"
},
{
"db": "NVD",
"id": "CVE-2017-11391"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-675"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trendmicro:interscan_messaging_security_virtual_appliance:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trendmicro:interscan_messaging_security_virtual_appliance:9.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-11391"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Steven Seeley (mr_me) of Offensive Security",
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-502"
}
],
"trust": 0.7
},
"cve": "CVE-2017-11391",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-11391",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 1.5,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2017-21034",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-11391",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-11391",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "ZDI",
"id": "CVE-2017-11391",
"trust": 0.7,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2017-21034",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201707-675",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-502"
},
{
"db": "CNVD",
"id": "CNVD-2017-21034"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006619"
},
{
"db": "NVD",
"id": "CVE-2017-11391"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-675"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the \"t\" parameter within modTMCSS Proxy. Formerly ZDI-CAN-4744. Zero Day Initiative Is vulnerable to this vulnerability ZDI-CAN-4744 Was numbered.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the modTMCSS Proxy functionality. An attacker can leverage this vulnerability to execute arbitrary code under the context of the imss user. that integrates anti-virus, anti-spyware and anti-phishing technologies to provide comprehensive protection for email applications. The issue presents itself when the \u0027VirusEvent\u0027 directive in the \u0027clamav.conf\u0027 configuration file has been enabled and the \u0027Dazuko\u0027 module is used with the antivirus software. \nAlthough unconfirmed, all versions of the application are assumed to vulnerable at the moment. This information will be updated as more details become available. Failed exploit attempts will result in a denial-of-service condition",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-11391"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006619"
},
{
"db": "ZDI",
"id": "ZDI-17-502"
},
{
"db": "CNVD",
"id": "CNVD-2017-21034"
},
{
"db": "BID",
"id": "10007"
},
{
"db": "BID",
"id": "100075"
}
],
"trust": 3.33
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-11391",
"trust": 4.0
},
{
"db": "ZDI",
"id": "ZDI-17-502",
"trust": 3.2
},
{
"db": "BID",
"id": "100075",
"trust": 1.3
},
{
"db": "BID",
"id": "10007",
"trust": 0.9
},
{
"db": "JVN",
"id": "JVNVU94207433",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU98736894",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006619",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-4744",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-21034",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201707-675",
"trust": 0.6
},
{
"db": "ZDI",
"id": "ZDI-17-504",
"trust": 0.3
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-502"
},
{
"db": "CNVD",
"id": "CNVD-2017-21034"
},
{
"db": "BID",
"id": "10007"
},
{
"db": "BID",
"id": "100075"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006619"
},
{
"db": "NVD",
"id": "CVE-2017-11391"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-675"
}
]
},
"id": "VAR-201708-0983",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-21034"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-21034"
}
]
},
"last_update_date": "2023-12-18T12:44:28.294000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Solution ID: 1117723",
"trust": 1.5,
"url": "https://success.trendmicro.com/solution/1117723"
},
{
"title": "TrendMicroInterScanMessagingSecurityVirtualAppliance command to inject vulnerability patches",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/100116"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-502"
},
{
"db": "CNVD",
"id": "CNVD-2017-21034"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006619"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006619"
},
{
"db": "NVD",
"id": "CVE-2017-11391"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://success.trendmicro.com/solution/1117723"
},
{
"trust": 2.2,
"url": "http://www.zerodayinitiative.com/advisories/zdi-17-502"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/100075"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-11391"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu94207433/"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu98736894/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-11391"
},
{
"trust": 0.3,
"url": "http://www.clamav.net/"
},
{
"trust": 0.3,
"url": "/archive/1/359017"
},
{
"trust": 0.3,
"url": "http://www.trend.com"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-17-502/"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-17-504/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-502"
},
{
"db": "CNVD",
"id": "CNVD-2017-21034"
},
{
"db": "BID",
"id": "10007"
},
{
"db": "BID",
"id": "100075"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006619"
},
{
"db": "NVD",
"id": "CVE-2017-11391"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-675"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-17-502"
},
{
"db": "CNVD",
"id": "CNVD-2017-21034"
},
{
"db": "BID",
"id": "10007"
},
{
"db": "BID",
"id": "100075"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006619"
},
{
"db": "NVD",
"id": "CVE-2017-11391"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-675"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-31T00:00:00",
"db": "ZDI",
"id": "ZDI-17-502"
},
{
"date": "2017-08-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-21034"
},
{
"date": "2004-03-30T00:00:00",
"db": "BID",
"id": "10007"
},
{
"date": "2017-07-31T00:00:00",
"db": "BID",
"id": "100075"
},
{
"date": "2017-08-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006619"
},
{
"date": "2017-08-03T15:29:00.327000",
"db": "NVD",
"id": "CVE-2017-11391"
},
{
"date": "2017-07-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-675"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-31T00:00:00",
"db": "ZDI",
"id": "ZDI-17-502"
},
{
"date": "2017-08-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-21034"
},
{
"date": "2004-03-30T00:00:00",
"db": "BID",
"id": "10007"
},
{
"date": "2017-07-31T00:00:00",
"db": "BID",
"id": "100075"
},
{
"date": "2017-12-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006619"
},
{
"date": "2017-08-07T22:12:49.323000",
"db": "NVD",
"id": "CVE-2017-11391"
},
{
"date": "2017-08-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-675"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-675"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Trend Micro InterScan Messaging Security Virtual Appliance Command Injection Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-21034"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006619"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-675"
}
],
"trust": 2.0
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-675"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.