CVE-2020-8466
CRITICALTrend Micro InterScan Web Security Virtual Appliance 6.5 SP2 - Unauthenticated OS Command Injection
Title source: llmDescription
A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, with the improved password hashing method enabled, could allow an unauthenticated attacker to execute certain commands by providing a manipulated password.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://success.trendmicro.com/solution/000283077
Exploit, Third Party Advisory x_refsource_misc
https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-trend-micro-interscan-web-security-virtual-appliance/
Scores
CVSS v3
9.8
EPSS
0.2727
EPSS Percentile
96.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (1)
trendmicro/interscan_web_security_virtual_appliance
6.5 sp2
Published
Dec 17, 2020
Tracked Since
Feb 18, 2026