CVE-2016-9315

HIGH

Trend Micro IWSVA <6.5-CP-1737 - Privilege Escalation

Title source: llm

Description

Privilege Escalation Vulnerability in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to change Master Admin's password and/or add new admin accounts. This was resolved in Version 6.5 CP 1737.

Exploits (1)

exploitdb WRITEUP

webappshardware

https://www.exploit-db.com/exploits/41361

View Code ZIP pw:eip

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/96252

[Various Sources] https://success.trendmicro.com/solution/1116672

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1037849

Scores

CVSS v3 8.8

EPSS 0.0586

EPSS Percentile 90.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-264

Status published

Products (1)

trendmicro/interscan_web_security_virtual_appliance < 6.5

Published Feb 21, 2017

Tracked Since Feb 18, 2026