CVE-2018-6231
CRITICALTrend Micro Smart Protection Server < 3.3 - Unauthenticated OS Command Injection
Title source: llmDescription
A server auth command injection authentication bypass vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.3 and below could allow remote attackers to escalate privileges on vulnerable installations.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry x_refsource_misc
https://www.zerodayinitiative.com/advisories/ZDI-18-218/
Vendor Advisory x_refsource_confirm
https://success.trendmicro.com/solution/1119385
Scores
CVSS v3
9.8
EPSS
0.1599
EPSS Percentile
94.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (1)
trendmicro/smart_protection_server
< 3.3
Published
Mar 15, 2018
Tracked Since
Feb 18, 2026