CVE-2020-28581
Summary
| CVE | CVE-2020-28581 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-11-18 19:15:00 UTC |
| Updated | 2020-11-28 21:58:00 UTC |
| Description | A command injection vulnerability in ModifyVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges. |
Risk And Classification
Problem Types: CWE-78
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Trendmicro | Interscan Web Security Virtual Appliance | 6.5 | sp2 | All | All |
| Application | Trendmicro | Interscan Web Security Virtual Appliance | 6.5 | sp2 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| SECURITY BULLETIN: Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 Multiple Vulnerabilities | MISC | success.trendmicro.com | Vendor Advisory |
| Trend Micro InterScan Web Security Virtual Appliance Multiple Vulnerabilities - Research Advisory | Tenable® | MISC | www.tenable.com | Exploit, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.