Synopsis
A security management application installed on the remote host is affected by multiple vulnerabilities.
Description
According to its version, the Trend Micro Control Manager application installed on the remote Windows host is 6.x prior to 6.0 SP 3 Hotfix 3328 (6.0.0.3328). It is, therefore, affected by the following vulnerabilities :
- A directory traversal vulnerability exists in the task_controller.php script due to improper sanitization of user-supplied input to the 'url' parameter. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to disclose arbitrary files.
- A flaw exists in the AdHocQuery_SelectView.aspx script due to improper sanitization of user-supplied input before executing XML queries. An authenticated, remote attacker can exploit this to inject XPATH content, resulting in gaining access to sensitive information.
- Multiple XML external entity (XXE) injection vulnerabilities exist due to an incorrectly configured XML parser accepting XML external entities from untrusted sources. Specifically, these issues occur in the DeploymentPlan_Event_Handler.aspx, ProductTree.aspx, and TreeUserControl_process_tree_event.aspx scripts. An authenticated, remote attacker can exploit these issues, via specially crafted XML data, to gain access to sensitive information.
- Multiple SQL injection (SQLi) vulnerabilities exist due to improper sanitization of user-supplied input before using it in SQL queries. Specifically, these issues occur in the AdHocQuery_CustomProfiles.aspx and cgiCMUIDispatcher.exe scripts. An authenticated, remote attacker can exploit these issues to inject SQL queries against the back-end database, resulting in the disclosure or manipulation of arbitrary data. Moreover, the attacker can exploit these issues to inject PHP payloads, which can be then called and executed.
Solution
Upgrade to Trend Micro Control Manager version 6.0 SP3 Hotfix 3328 or later.
Plugin Details
File Name: trendmicro_control_manager_hotfix_3328.nasl
Agent: windows
Supported Sensors: Nessus Agent, Nessus
Risk Information
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:trend_micro:control_manager
Required KB Items: installed_sw/Trend Micro Control Manager
Exploit Ease: No known exploits are available
Patch Publication Date: 8/8/2016
Vulnerability Publication Date: 8/8/2016