CVE-2017-11395
HIGHTrend Micro Smart Protection Server 3.1-3.2 - Authenticated OS Command Injection
Title source: llmDescription
Command injection vulnerability in Trend Micro Smart Protection Server (Standalone) 3.1 and 3.2 server administration UI allows attackers with authenticated access to execute arbitrary code on vulnerable installations.
References (3)
Core 3
Core References
Exploit, Third Party Advisory x_refsource_misc
http://www.coresecurity.com/advisories/trend-micro-smart-protection-os-command-injection
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/100461
Mitigation, Patch, Vendor Advisory x_refsource_confirm
https://success.trendmicro.com/solution/1117933
Scores
CVSS v3
8.8
EPSS
0.0845
EPSS Percentile
92.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (4)
Trend Micro/Smart Protection Server (Standalone)
3.1
Trend Micro/Smart Protection Server (Standalone)
3.2
trendmicro/smart_protection_server
3.1
trendmicro/smart_protection_server
3.2
Published
Sep 22, 2017
Tracked Since
Feb 18, 2026