CVE-2016-9269

CRITICAL

Trend Micro IWSVA <6.5-SP2_Build_Linux_1707 - RCE


Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-9269.

AI-analyzed exploit summary: The exploit demonstrates multiple vulnerabilities in Trend Micro IWSVA 6.5.x, including remote command execution via patch upload, sensitive information disclosure through config backup, privilege escalation by modifying admin accounts, and stored XSS. It provides detailed steps and HTTP requests for exploitation.

Description

Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches in Trend Micro Interscan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to run arbitrary commands on the system as root via Patch Update functionality. This was resolved in Version 6.5 CP 1737.

Exploits (1)

exploitdb · WORKING POC
webapps · hardware
https://www.exploit-db.com/exploits/41361


Classification: Working PoC 95%
Attack Type: RCE | Info Leak | Auth Bypass | XSS
Complexity: Moderate
Reliability: Reliable
Target: Trend Micro Interscan Web Security Virtual Appliance (IWSVA) 6.5.x
Auth required
Prerequisites: Low-privileged user access to the web management console · Network access to port 1812 · Ability to upload files and send crafted HTTP requests
devstral-2 · analyzed Feb 19, 2026

References (3)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/96252
Patch, Vendor Advisory x_refsource_confirm
https://success.trendmicro.com/solution/1116672
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1037849

Scores

CVSS v3: 9.9
EPSS: 0.1342
EPSS Percentile: 95.9%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Details

CWE: CWE-264
Status: published
Products (1): trendmicro/interscan_web_security_virtual_appliance < 6.5
Published: Feb 21, 2017
Tracked Since: Feb 18, 2026