CVE-2016-6267

HIGH

Trend Micro Smart Protection Server <3.0.1330 - Command Injection

Title source: llm

Description

SnmpUtils in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) spare_Community, (2) spare_AllowGroupIP, or (3) spare_AllowGroupNetmask parameter to admin_notification.php.

Exploits (1)

metasploit WORKING POC EXCELLENT
ruby poc linux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/trendmicro_sps_exec.rb

Scores

CVSS v3 8.8
EPSS 0.7252
EPSS Percentile 98.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-20
Status published
Products (3)
trendmicro/smart_protection_server 2.5
trendmicro/smart_protection_server 2.6
trendmicro/smart_protection_server 3.0
Published Jan 30, 2017
Tracked Since Feb 18, 2026