CVE-2020-28581: OS Command Injection
First published: Wed Nov 18 2020(Updated: )
A command injection vulnerability in ModifyVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges.
Credit: security@trendmicro.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Trendmicro Interscan Web Security Virtual Appliance | =6.5-sp2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2020-28581.
What is the title of the vulnerability?
The title of the vulnerability is 'A command injection vulnerability in ModifyVLANItem of Trend Micro InterScan Web Security Virtual Ap...'.
What is the affected software?
The affected software is Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2.
What is the severity of CVE-2020-28581?
The severity of CVE-2020-28581 is critical with a severity value of 7.2.
How can an attacker exploit CVE-2020-28581?
An attacker can exploit CVE-2020-28581 by sending specially crafted HTTP messages to the affected appliance.
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/type
- agent/description
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/trendmicro
- canonical/trendmicro interscan web security virtual appliance
- version/trendmicro interscan web security virtual appliance/6.5-sp2