Hillstone Networks

RULE（RULE ID：334203）

Rule General Information


Release Date:		2021-11-29

Rule Name:		Trend Micro IWSVA testConfiguration Command Injection Vulnerability

Severity:

CVE ID:

Rule Protection Details


Description:		A command injection vulnerability has been reported in Trend Micro InterScan Web Security Virtual Appliance (IWSVA). The vulnerability exists due to improper validation of the HTTP request parameters when processing requests with /rest/testConfiguration URI. A remote, unauthenticated attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the target server. Successful exploitation of this vulnerability can lead to remote command execution in the context of the process.

Impact:		An attacker can execute arbitrary command via a successful exploit in the context of the vulnerable software.

Affected OS:		Windows, Linux, Others

Reference:

Solutions

The vendor has released upgrade patches to fix vulnerabilities, please visit:
https://success.trendmicro.com/solution/1116960