CVE-2020-28581
HIGHTrend Micro InterScan Web Security Virtual Appliance 6.5 SP2 - Authenticated OS Command Injection via ModifyVLANItem
Title source: llmDescription
A command injection vulnerability in ModifyVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://success.trendmicro.com/solution/000281954
Exploit, Third Party Advisory x_refsource_misc
https://www.tenable.com/security/research/tra-2020-63
Scores
CVSS v3
7.2
EPSS
0.7342
EPSS Percentile
98.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (1)
trendmicro/interscan_web_security_virtual_appliance
6.5 sp2
Published
Nov 18, 2020
Tracked Since
Feb 18, 2026