Trend Micro InterScan Web Security Virtual Appliance ContentCacheSSAction Command Injection Remote Code Execution Vulnerability
ZDI-17-220: March 30th, 2017
InterScan Web Security Virtual Appliance
TippingPoint™ IPS Customer Protection
TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 26789. For further product information on the TippingPoint IPS:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is required to exploit this vulnerability.
The specific flaw exists within the ContentCacheSSAction servlet. A crafted cache space setting parameter can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute arbitrary code in the context of root.
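The bug class described above, composing a system call from an untrusted parameter, is illustrated here with an added example that is not the appliance's code: the tool path, the assumed integer format of the cache-size setting and the sample values are all constructed for the illustration. It contrasts the unsafe string composition with an allowlist check plus an argv list that no shell ever parses, and includes a small detection helper that flags shell operators inside a parameter value.

```python
import re
import shlex
import subprocess

# Assumed strict format for the cache-size setting: a positive integer of at
# most six digits (the advisory does not state the real format).
CACHE_SIZE_RE = re.compile(r"[1-9][0-9]{0,5}")

# Hypothetical helper script; the appliance's real command is not on the page.
SET_CACHE_TOOL = "/opt/example/set_cache_size.sh"

# Shell control operators that change command structure when /bin/sh parses a string.
SHELL_OPERATORS = {";", "&", "&&", "|", "||", "(", ")", "<", ">", ">>", "<<"}


def build_command_unsafe(cache_size: str) -> str:
    """The pattern the advisory describes: one shell string composed from the
    untrusted parameter, so whatever the user sends is parsed by the shell."""
    return f"{SET_CACHE_TOOL} {cache_size}"


def shell_operators_in(value: str) -> list[str]:
    """Return the shell operators a /bin/sh parser would see inside value.
    Usable as a detection check over request parameters or access-log values."""
    lexer = shlex.shlex(value, posix=True, punctuation_chars=True)
    return [tok for tok in lexer if tok in SHELL_OPERATORS]


def build_command_safe(cache_size: str) -> list[str]:
    """Hardened form: allowlist-validate the value, then return an argv list."""
    if not CACHE_SIZE_RE.fullmatch(cache_size):
        raise ValueError(f"rejected cache size setting: {cache_size!r}")
    return [SET_CACHE_TOOL, cache_size]


def apply_cache_size(cache_size: str) -> subprocess.CompletedProcess:
    """Run the validated argv without a shell (shell=False is the default)."""
    return subprocess.run(build_command_safe(cache_size), check=True,
                          capture_output=True, text=True)


if __name__ == "__main__":
    # Constructed sample parameter values, not captured traffic.
    for value in ("4096", "4096; id", "$(whoami)"):
        print(value, "->", shell_operators_in(value) or "no operators",
              "| unsafe string:", build_command_unsafe(value))
        try:
            print("  argv:", build_command_safe(value))
        except ValueError as err:
            print("  ", err)
```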
Vendor Response
Trend Micro has issued an update to correct this vulnerability. More details can be found at:
2016-12-16 - Vulnerability reported to vendor
2017-03-30 - Coordinated public release of advisory
Credit
This vulnerability was discovered by:
Steven Seeley of Source Incite