CVE-2017-6398Trendmicro · Interscan_messaging_security_virtual_appliance
Vulnerability data via NVD (ingested)
An issue was discovered in Trend Micro InterScan Messaging Security (Virtual Appliance) 9.1-1600. An authenticated user can execute a terminal command in the context of the web server user (which is root). Besides, the default installation of IMSVA comes with default administrator credentials. The saveCert.imss endpoint takes several user inputs and performs blacklisting. After that, it uses them as arguments to a predefined operating-system command without proper sanitization. However, because of an improper blacklisting rule, it's possible to inject arbitrary commands into it.
External references
Search for exposed instances
Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).
vuln:CVE-2017-6398product:"Trendmicro Interscan Messaging Security Virtual Appliance" version:"9.1-1600"http.html:"Interscan Messaging Security Virtual Appliance"More intel sources (5)
vuln:CVE-2017-6398vulnerabilities.cve_id: CVE-2017-6398CVE-2017-6398CVE-2017-6398"CVE-2017-6398" exploit -site:nvd.nist.gov