CVE-2017-9034

CRITICAL

Trend Micro ServerProtect for Linux <3.0 - RCE

Title source: llm

Description

Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to write to arbitrary files and consequently execute arbitrary code with root privileges by leveraging failure to validate software updates.

References (5)

Core 5

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1038548

Patch, Vendor Advisory x_refsource_confirm

https://success.trendmicro.com/solution/1117411

Exploit, Technical Description, Third Party Advisory x_refsource_misc

https://www.coresecurity.com/advisories/trend-micro-serverprotect-multiple-vulnerabilities

Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2017/May/91

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/142645/Trend-Micro-ServerProtect-Disclosure-CSRF-XSS.html

Scores

CVSS v3 9.8

EPSS 0.0558

EPSS Percentile 90.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-20

Status published

Products (1)

trendmicro/serverprotect 3.0

Published May 26, 2017

Tracked Since Feb 18, 2026