Rapid7 Vulnerability & Exploit Database

Trend Micro Web Security (Virtual Appliance) Remote Code Execution

Back to Search

Trend Micro Web Security (Virtual Appliance) Remote Code Execution

Disclosed
06/10/2020
Created
06/22/2020

Description

This module exploits multiple vulnerabilities together in order to achive a remote code execution. Unauthenticated users can execute a terminal command under the context of the root user. The specific flaw exists within the LogSettingHandler class of administrator interface software. When parsing the mount_device parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. But authentication is required to exploit this vulnerability. Another specific flaw exist within the proxy service, which listens on port 8080 by default. Unauthenticated users can exploit this vulnerability in order to communicate with internal services in the product. Last but not least a flaw exists within the Apache Solr application, which is installed within the product. When parsing the file parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of the IWSS user. Due to combination of these vulnerabilities, unauthenticated users can execute a terminal command under the context of the root user. Version perior to 6.5 SP2 Patch 4 (Build 1901) are affected.

Author(s)

  • Mehmet Ince <mehmet@mehmetince.net>

Platform

Python

Architectures

python

Development

References

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use exploit/linux/http/trendmicro_websecurity_exec
msf exploit(trendmicro_websecurity_exec) > show targets
    ...targets...
msf exploit(trendmicro_websecurity_exec) > set TARGET < target-id >
msf exploit(trendmicro_websecurity_exec) > show options
    ...show and set options...
msf exploit(trendmicro_websecurity_exec) > exploit

Time is precious, so I don’t want to do something manually that I can automate. Leveraging the Metasploit Framework when automating any task keeps us from having to re-create the wheel as we can use the existing libraries and focus our efforts where it matters.

– Jim O’Gorman | President, Offensive Security

;