CVE-2017-11391

HIGH

Trendmicro Interscan Messaging Securi... - Command Injection

Title source: rule

Description

Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the "t" parameter within modTMCSS Proxy. Formerly ZDI-CAN-4744.

Exploits (1)

metasploit WORKING POC EXCELLENT
by mr_me, Mehmet Ince · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/trendmicro_imsva_widget_exec.rb

Scores

CVSS v3 8.8
EPSS 0.8139
EPSS Percentile 99.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-77
Status published
Products (3)
Trend Micro/Trend Micro InterScan Messaging Security Virtual Appliance 9.0,9.1
trendmicro/interscan_messaging_security_virtual_appliance 9.0
trendmicro/interscan_messaging_security_virtual_appliance 9.1
Published Aug 03, 2017
Tracked Since Feb 18, 2026