Detections
Analytics
Trend Micro IWSVA 6.5 < 6.5 Build 1746 Multiple Vulnerabilities
medium Nessus Plugin ID 99248
Language:
Synopsis
The remote host is affected by multiple vulnerabilities.Description
The version of Trend Micro InterScan Web Security Virtual Appliance (IWSVA) installed on the remote host is 6.5 prior to 6.5 Build 1746.It is, therefore, affected by multiple vulnerabilities :
- Multiple access control issues exist that allow an authenticated, remote attacker with low privileges to modify FTP access control, create or modify reports, or upload an HTTPS decryption certificate and private key.
(CVE-2017-6338)
- A flaw exists in the management of certain key and certificate data. By default, IWSVA acts as a private certificate authority (CA) and dynamically generates digital certificates that are sent to client browsers to complete a secure passage for HTTPS connections.
It also allows administrators to upload their own certificates signed by a root CA. An authenticated, remote attacker with low privileges can download the current CA certificate and private key (either the default ones or ones uploaded by administrators) and use those to decrypt HTTPS traffic, resulting in a loss of confidentiality. Furthermore, the default private key on the appliance is encrypted with a very weak passphrase. The attacker can exploit this to likewise break the encryption protections. (CVE-2017-6339)
- A cross-site scripting (XSS) vulnerability exists in rest/commonlog/report/template due to improper sanitization of user-supplied input to the name field.
An authenticated, remote attacker with low privileges can exploit this to inject arbitrary JavaScript while creating a new report. Furthermore, due to incorrect access controls, the attacker can exploit this issue to create or modify reports, allowing arbitrary script code to be executed in a user's browser session when the user visits report or auditlog pages.
(CVE-2017-6340)
- Additionally, other vulnerabilities have been reported, the most serious of which allow an unauthenticated, remote attacker to inject commands or execute arbitrary code.
Solution
Upgrade to Trend Micro IWSVA version 6.5 Build 1746 or later.See Also
https://success.trendmicro.com/solution/1116960
https://www.zerodayinitiative.com/advisories/ZDI-17-193/
https://www.zerodayinitiative.com/advisories/ZDI-17-194/
https://www.zerodayinitiative.com/advisories/ZDI-17-195/
https://www.zerodayinitiative.com/advisories/ZDI-17-196/
https://www.zerodayinitiative.com/advisories/ZDI-17-197/
https://www.zerodayinitiative.com/advisories/ZDI-17-198/
https://www.zerodayinitiative.com/advisories/ZDI-17-199/
https://www.zerodayinitiative.com/advisories/ZDI-17-200/
https://www.zerodayinitiative.com/advisories/ZDI-17-201/
https://www.zerodayinitiative.com/advisories/ZDI-17-202/
https://www.zerodayinitiative.com/advisories/ZDI-17-203/
https://www.zerodayinitiative.com/advisories/ZDI-17-204/
https://www.zerodayinitiative.com/advisories/ZDI-17-205/
https://www.zerodayinitiative.com/advisories/ZDI-17-206/
https://www.zerodayinitiative.com/advisories/ZDI-17-207/
https://www.zerodayinitiative.com/advisories/ZDI-17-208/
https://www.zerodayinitiative.com/advisories/ZDI-17-209/
https://www.zerodayinitiative.com/advisories/ZDI-17-210/
https://www.zerodayinitiative.com/advisories/ZDI-17-211/
https://www.zerodayinitiative.com/advisories/ZDI-17-212/
https://www.zerodayinitiative.com/advisories/ZDI-17-213/
https://www.zerodayinitiative.com/advisories/ZDI-17-214/
https://www.zerodayinitiative.com/advisories/ZDI-17-215/
https://www.zerodayinitiative.com/advisories/ZDI-17-216/
https://www.zerodayinitiative.com/advisories/ZDI-17-217/
https://www.zerodayinitiative.com/advisories/ZDI-17-218/
https://www.zerodayinitiative.com/advisories/ZDI-17-219/
https://www.zerodayinitiative.com/advisories/ZDI-17-220/
https://www.zerodayinitiative.com/advisories/ZDI-17-221/
https://www.zerodayinitiative.com/advisories/ZDI-17-222/
https://www.zerodayinitiative.com/advisories/ZDI-17-223/
https://www.zerodayinitiative.com/advisories/ZDI-17-224/
https://www.zerodayinitiative.com/advisories/ZDI-17-225/
https://www.zerodayinitiative.com/advisories/ZDI-17-226/
https://www.zerodayinitiative.com/advisories/ZDI-17-227/
https://www.zerodayinitiative.com/advisories/ZDI-17-228/
https://www.zerodayinitiative.com/advisories/ZDI-17-229/
https://www.zerodayinitiative.com/advisories/ZDI-17-230/
https://www.zerodayinitiative.com/advisories/ZDI-17-231/
Plugin Details
Severity: Medium
ID: 99248
File Name: trendmicro_iwsva_6_5_1746.nasl
Version: 1.6
Type: local
Family: Firewalls
Published: 4/7/2017
Updated: 11/13/2019
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
CVSS v2
Risk Factor: Medium
Base Score: 4
Temporal Score: 3.1
Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N
CVSS Score Source: CVE-2017-6339
CVSS v3
Risk Factor: Medium
Base Score: 6.5
Temporal Score: 5.9
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:trendmicro:interscan_web_security_virtual_appliance
Required KB Items: Host/TrendMicro/IWSVA/version
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 3/28/2017
Vulnerability Publication Date: 3/28/2017
Reference Information
CVE: CVE-2017-6338, CVE-2017-6339, CVE-2017-6340
ZDI: ZDI-17-193, ZDI-17-194, ZDI-17-195, ZDI-17-196, ZDI-17-197, ZDI-17-198, ZDI-17-199, ZDI-17-200, ZDI-17-201, ZDI-17-202, ZDI-17-203, ZDI-17-204, ZDI-17-205, ZDI-17-206, ZDI-17-207, ZDI-17-208, ZDI-17-209, ZDI-17-210, ZDI-17-211, ZDI-17-212, ZDI-17-213, ZDI-17-214, ZDI-17-215, ZDI-17-216, ZDI-17-217, ZDI-17-218, ZDI-17-219, ZDI-17-220, ZDI-17-221, ZDI-17-222, ZDI-17-223, ZDI-17-224, ZDI-17-225, ZDI-17-226, ZDI-17-227, ZDI-17-228, ZDI-17-229, ZDI-17-230, ZDI-17-231, ZDI-17-232, ZDI-17-233