Vulnerability Details CVE-2020-8466
A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, with the improved password hashing method enabled, could allow an unauthenticated attacker to execute certain commands by providing a manipulated password.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.273
EPSS Ranking 96.2%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-trend-micro-interscan-web-security-virtual-appliance/
- https://success.trendmicro.com/solution/000283077
- https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-trend-micro-interscan-web-security-virtual-appliance/
- https://success.trendmicro.com/solution/000283077
Products affected by CVE-2020-8466
-
cpe:2.3:a:trendmicro:interscan_web_security_virtual_appliance:6.5