What is the severity of CVE-2017-6339?

CVE-2017-6339 is classified as a medium severity vulnerability due to its potential impact on secure communications.

What are the risks associated with CVE-2017-6339?

Risks associated with CVE-2017-6339 include exposure of sensitive key and certificate data, leading to potential man-in-the-middle attacks.

Does CVE-2017-6339 affect other versions of IWSVA?

CVE-2017-6339 specifically affects Trend Micro InterScan Web Security Virtual Appliance version 6.5 and does not apply to later versions.

Vulnerability/
CVE-2017-6339

medium

6.5

CWE

269 521

5/4/2017

5/8/2024

CVE-2017-6339

Q: How do I fix CVE-2017-6339?

To fix CVE-2017-6339, upgrade to Trend Micro InterScan Web Security Virtual Appliance version 6.5 CP 1746 or later.

Q: Who is affected by CVE-2017-6339?

CVE-2017-6339 affects users of Trend Micro InterScan Web Security Virtual Appliance version 6.5 prior to CP 1746.

First published: Wed Apr 05 2017(Updated: )

Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 mismanages certain key and certificate data. Per IWSVA documentation, by default, IWSVA acts as a private Certificate Authority (CA) and dynamically generates digital certificates that are sent to client browsers to complete a secure passage for HTTPS connections. It also allows administrators to upload their own certificates signed by a root CA. An attacker with low privileges can download the current CA certificate and Private Key (either the default ones or ones uploaded by administrators) and use those to decrypt HTTPS traffic, thus compromising confidentiality. Also, the default Private Key on this appliance is encrypted with a very weak passphrase. If an appliance uses the default Certificate and Private Key provided by Trend Micro, an attacker can simply download these and decrypt the Private Key using the default/weak passphrase.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Trend Micro InterScan Web Security Virtual Appliance	<=6.5

Remedy

https://success.trendmicro.com/solution/1116960

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-6339?
CVE-2017-6339 is classified as a medium severity vulnerability due to its potential impact on secure communications.
How do I fix CVE-2017-6339?
To fix CVE-2017-6339, upgrade to Trend Micro InterScan Web Security Virtual Appliance version 6.5 CP 1746 or later.
What are the risks associated with CVE-2017-6339?
Risks associated with CVE-2017-6339 include exposure of sensitive key and certificate data, leading to potential man-in-the-middle attacks.
Who is affected by CVE-2017-6339?
CVE-2017-6339 affects users of Trend Micro InterScan Web Security Virtual Appliance version 6.5 prior to CP 1746.
Does CVE-2017-6339 affect other versions of IWSVA?
CVE-2017-6339 specifically affects Trend Micro InterScan Web Security Virtual Appliance version 6.5 and does not apply to later versions.

agent/weakness
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/remedy
agent/references
agent/last-modified-date
agent/author
agent/description
agent/event
agent/first-publish-date
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/trendmicro
canonical/trend micro interscan web security virtual appliance
version/trend micro interscan web security virtual appliance/6.5

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.