CVE-2020-8466: OS Command Injection
First published: Thu Dec 17 2020(Updated: )
A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, with the improved password hashing method enabled, could allow an unauthenticated attacker to execute certain commands by providing a manipulated password.
Credit: security@trendmicro.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Trendmicro Interscan Web Security Virtual Appliance | =6.5-sp2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-8466?
CVE-2020-8466 is a command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2.
How severe is the vulnerability CVE-2020-8466?
The severity of CVE-2020-8466 is critical with a CVSS score of 9.8.
How does the vulnerability CVE-2020-8466 impact the affected software?
The vulnerability allows an unauthenticated attacker to execute certain commands by providing a manipulated password.
What software is affected by CVE-2020-8466?
Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 is affected by CVE-2020-8466.
How can I fix CVE-2020-8466?
Upgrade to the latest version of Trend Micro InterScan Web Security Virtual Appliance.
- collector/nvd-index
- agent/author
- agent/weakness
- agent/references
- agent/severity
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/event
- agent/type
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/trendmicro
- canonical/trendmicro interscan web security virtual appliance
- version/trendmicro interscan web security virtual appliance/6.5-sp2