Trend Micro Control Manager 6.x < 6.0 SP3 Hotfix 3328 Multiple Vulnerabilities

Severity: High | Nessus Plugin ID 93482

Synopsis

A security management application installed on the remote host is affected by multiple vulnerabilities.

Description

According to its version, the Trend Micro Control Manager application installed on the remote Windows host is 6.x prior to 6.0 SP3 Hotfix 3328 (6.0.0.3328). It is, therefore, affected by the following vulnerabilities:

- A directory traversal vulnerability exists in the task_controller.php script due to improper sanitization of user-supplied input to the 'url' parameter. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to disclose arbitrary files.

- A flaw exists in the AdHocQuery_SelectView.aspx script due to improper sanitization of user-supplied input before it is used in XML queries. An authenticated, remote attacker can exploit this to inject XPath content and gain access to sensitive information.

- Multiple XML external entity (XXE) injection vulnerabilities exist due to an incorrectly configured XML parser accepting XML external entities from untrusted sources. Specifically, these issues occur in the DeploymentPlan_Event_Handler.aspx, ProductTree.aspx, and TreeUserControl_process_tree_event.aspx scripts. An authenticated, remote attacker can exploit these issues, via specially crafted XML data, to gain access to sensitive information.

- Multiple SQL injection (SQLi) vulnerabilities exist due to improper sanitization of user-supplied input before it is used in SQL queries. Specifically, these issues occur in the AdHocQuery_CustomProfiles.aspx and cgiCMUIDispatcher.exe scripts. An authenticated, remote attacker can exploit these issues to inject SQL queries against the back-end database, resulting in the disclosure or manipulation of arbitrary data. Moreover, the attacker can exploit these issues to inject PHP payloads, which can then be called and executed.

Solution

Upgrade to Trend Micro Control Manager version 6.0 SP3 Hotfix 3328 or later.
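The plugin's verdict is purely version-based: a host is flagged when its Control Manager build is on the 6.x branch and numerically older than 6.0.0.3328. The following is an added example (not Tenable's plugin code and not Trend Micro's) showing how an asset-inventory script can reproduce that comparison. The fixed build number comes from the advisory text above; the inventory dictionary and host names are constructed sample data. Note that the check cannot tell whether a hotfix was applied out of band without a version bump; it answers the same question the plugin does, nothing more.

```python
import re

# Fixed build stated in the advisory: 6.0 SP3 Hotfix 3328 == 6.0.0.3328
FIXED_VERSION = "6.0.0.3328"

# Constructed sample inventory (hostname -> reported Control Manager version)
SAMPLE_INVENTORY = {
    "tmcm-prod-01": "6.0.0.3327",   # one build short of the hotfix: affected
    "tmcm-prod-02": "6.0.0.3328",   # exactly the fixed build: not affected
    "tmcm-lab-01":  "6.0",          # truncated version, pads to 6.0.0.0: affected
    "tmcm-new-01":  "7.0.0.1",      # 7.x is outside the scope of this check
    "tmcm-broken":  "6.0.x",        # malformed: must not be silently treated as patched
}


def parse_version(text):
    """Split a dotted version string into a tuple of ints so it orders numerically.
    Any non-numeric component raises ValueError; a malformed string must never
    compare as 'greater than the fix' by accident."""
    parts = text.strip().split(".")
    if not parts or any(not re.fullmatch(r"\d+", p) for p in parts):
        raise ValueError(f"malformed version string: {text!r}")
    return tuple(int(p) for p in parts)


def _pad(version, length):
    # Right-pad with zeros so "6.0" compares as 6.0.0.0 rather than as a shorter tuple
    return version + (0,) * (length - len(version))


def is_affected(installed, fixed=FIXED_VERSION):
    """True when the installed build is on the 6.x branch and older than the fix."""
    inst = parse_version(installed)
    fix = parse_version(fixed)
    if inst[0] != 6:
        return False  # only 6.x is in scope of this advisory
    width = max(len(inst), len(fix))
    return _pad(inst, width) < _pad(fix, width)


def triage(inventory):
    """Classify each host as 'affected', 'ok' or 'unknown' (unparseable version).
    'unknown' is reported separately so it is not lost among the patched hosts."""
    result = {"affected": [], "ok": [], "unknown": []}
    for host, version in sorted(inventory.items()):
        try:
            bucket = "affected" if is_affected(version) else "ok"
        except ValueError:
            bucket = "unknown"
        result[bucket].append(host)
    return result


if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket:>8}: {', '.join(hosts) or '-'}")
```

The `unknown` bucket is the part worth keeping in a real script: a version string the inventory tool could not read is a finding in its own right, and folding it into "ok" is how unpatched hosts disappear from a report.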

See Also

https://success.trendmicro.com/solution/1114749

https://www.zerodayinitiative.com/advisories/ZDI-16-455/

https://www.zerodayinitiative.com/advisories/ZDI-16-456/

https://www.zerodayinitiative.com/advisories/ZDI-16-457/

https://www.zerodayinitiative.com/advisories/ZDI-16-458/

https://www.zerodayinitiative.com/advisories/ZDI-16-459/

https://www.zerodayinitiative.com/advisories/ZDI-16-460/

https://www.zerodayinitiative.com/advisories/ZDI-16-461/

https://www.zerodayinitiative.com/advisories/ZDI-16-462/

Plugin Details

Severity: High

ID: 93482

File Name: trendmicro_control_manager_hotfix_3328.nasl

Version: 1.7

Type: local

Agent: windows

Family: Windows

Published: 9/14/2016

Updated: 11/14/2019

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2016-6220

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:trend_micro:control_manager

Required KB Items: installed_sw/Trend Micro Control Manager

Exploit Ease: No known exploits are available

Patch Publication Date: 8/8/2016

Vulnerability Publication Date: 8/8/2016

Reference Information

CVE: CVE-2016-6220