Trend Micro Control Manager download.php File Disclosure

high Nessus Plugin ID 97224

Synopsis

An application running on the remote host is affected by a file disclosure vulnerability.

Description

The version of Trend Micro Control Manager running on the remote host is affected by a file disclosure vulnerability due to a failure to properly sanitize user-supplied input to the download.php script. An unauthenticated, remote attacker can exploit this, via a crafted request employing directory traversal, to disclose arbitrary files.

Note that the application is reportedly affected by other vulnerabilities; however, Nessus has not tested for these issues.

Solution

The vendor advisory says Control Manager version 6.0 build 3444 has fixed the issue, but it appears that an early version 6.0 build 3400 (Service Pack 3, Patch 2) also fixed the issue. Please contact the vendor for determining the first fixed version.

Also note that some older versions of the application do not have the download.php script and are therefore not affected.

See Also

https://success.trendmicro.com/solution/1116624

https://www.zerodayinitiative.com/advisories/ZDI-17-061/

https://www.zerodayinitiative.com/advisories/ZDI-17-062/

Plugin Details

Severity: High

ID: 97224

File Name: trendmicro_control_manager_download_php_file_disclosure.nasl

Version: 1.5

Type: remote

Family: CGI abuses

Published: 2/17/2017

Updated: 11/15/2018

Supported Sensors: Nessus

Vulnerability Information

CPE: cpe:/a:trend_micro:control_manager

Required KB Items: installed_sw/Trend Micro Control Manager

Exploited by Nessus: true

Patch Publication Date: 2/7/2017

Vulnerability Publication Date: 2/7/2017

Reference Information