Advisory Details

February 28th, 2018

Trend Micro Smart Protection Server Auth Command Injection Authentication Bypass Vulnerability

ZDI-18-218
ZDI-CAN-5625

CVE ID CVE-2018-6231
CVSS SCORE 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
AFFECTED VENDORS Trend Micro
AFFECTED PRODUCTS Smart Protection Server
VULNERABILITY DETAILS


This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Trend Micro Smart Protection Server. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the handling of credentials provided at login. When parsing the username, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user.

ADDITIONAL DETAILS Trend Micro has issued an update to correct this vulnerability. More details can be found at:
https://success.trendmicro.com/solution/1119385
DISCLOSURE TIMELINE
  • 2018-02-02 - Vulnerability reported to vendor
  • 2018-02-28 - Coordinated public release of advisory
  • 2018-02-28 - Advisory Updated
CREDIT Alain Homewood (Insomnia Security)
BACK TO ADVISORIES