CVE-2016-9315

HIGH

Trend Micro IWSVA <6.5-CP-1737 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-9315.

AI-analyzed exploit summary This is a detailed technical writeup describing multiple vulnerabilities in Trend Micro IWSVA 6.5.x, including remote command execution, sensitive information disclosure, privilege escalation, and stored XSS. It provides proof-of-concept steps and HTTP request examples for exploitation.

Description

Privilege Escalation Vulnerability in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to change Master Admin's password and/or add new admin accounts. This was resolved in Version 6.5 CP 1737.

Exploits (1)

exploitdb WRITEUP

webappshardware

https://www.exploit-db.com/exploits/41361

View Code ZIP pw:eip

This is a detailed technical writeup describing multiple vulnerabilities in Trend Micro IWSVA 6.5.x, including remote command execution, sensitive information disclosure, privilege escalation, and stored XSS. It provides proof-of-concept steps and HTTP request examples for exploitation.

Classification

Writeup 100%

Attack Type

Rce | Info Leak | Lpe | Xss

Complexity

Moderate

Reliability

Reliable

Target: Trend Micro Interscan Web Security Virtual Appliance (IWSVA) 6.5.x

Auth required

Prerequisites: Low-privileged user access to the web management console · Valid session cookies (JSESSIONID and CSRFGuardToken)

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1068 - Exploitation for Privilege Escalation T1003 - OS Credential Dumping T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/96252

Various Sources x_refsource_confirm

https://success.trendmicro.com/solution/1116672

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1037849

Scores

CVSS v3 8.8

EPSS 0.0898

EPSS Percentile 94.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-264

Status published

Products (1)

trendmicro/interscan_web_security_virtual_appliance < 6.5

Published Feb 21, 2017

Tracked Since Feb 18, 2026