|
|
|||
| Rule General Information |
|---|
| Release Date: | 2021-06-22 | |
| Rule Name: | Trend Micro InterScan Web Security Virtual Appliance Password Command InjectionVulnerability (CVE-2020-8466) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, with the improved password hashing method enabled, could allow an unauthenticated attacker to execute certain commands by providing a manipulated password. | |
| Impact: | An attacker can execute arbitrary command via a successful exploit in the context of the vulnerable software. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-trend-micro-interscan-web-security-virtual-appliance/ https://success.trendmicro.com/solution/000283077 |
|
| Solutions |
|---|
| Please contact the software vendor to update the software patch. |