module
Trend Micro Web Security (Virtual Appliance) Remote Code Execution
| Disclosed | Created |
|---|---|
| 2020-06-10 | 2020-06-22 |
Disclosed
2020-06-10
Created
2020-06-22
Description
This module exploits multiple vulnerabilities together in order to achive a remote code execution.
Unauthenticated users can execute a terminal command under the context of the root user.
The specific flaw exists within the LogSettingHandler class of administrator interface software.
When parsing the mount_device parameter, the process does not properly validate a user-supplied string
before using it to execute a system call. An attacker can leverage this vulnerability to execute code in
the context of root. But authentication is required to exploit this vulnerability.
Another specific flaw exist within the proxy service, which listens on port 8080 by default. Unauthenticated users
can exploit this vulnerability in order to communicate with internal services in the product.
Last but not least a flaw exists within the Apache Solr application, which is installed within the product.
When parsing the file parameter, the process does not properly validate a user-supplied path prior to using it in file operations.
An attacker can leverage this vulnerability to disclose information in the context of the IWSS user.
Due to combination of these vulnerabilities, unauthenticated users can execute a terminal command under the context of the root user.
Version perior to 6.5 SP2 Patch 4 (Build 1901) are affected.
Unauthenticated users can execute a terminal command under the context of the root user.
The specific flaw exists within the LogSettingHandler class of administrator interface software.
When parsing the mount_device parameter, the process does not properly validate a user-supplied string
before using it to execute a system call. An attacker can leverage this vulnerability to execute code in
the context of root. But authentication is required to exploit this vulnerability.
Another specific flaw exist within the proxy service, which listens on port 8080 by default. Unauthenticated users
can exploit this vulnerability in order to communicate with internal services in the product.
Last but not least a flaw exists within the Apache Solr application, which is installed within the product.
When parsing the file parameter, the process does not properly validate a user-supplied path prior to using it in file operations.
An attacker can leverage this vulnerability to disclose information in the context of the IWSS user.
Due to combination of these vulnerabilities, unauthenticated users can execute a terminal command under the context of the root user.
Version perior to 6.5 SP2 Patch 4 (Build 1901) are affected.
Author
Mehmet Ince mehmet@mehmetince.net
Platform
Python
Architectures
python
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.