Trend Micro IWSVA < 6.0 Build 1244 Information Disclosure

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote host is affected by an information disclosure
vulnerability.

Description :

The remote host is running a version of Trend Micro InterScan Web
Security Virtual Appliance prior to 6.0 Build 1244. It is, therefore,
affected by an information disclosure vulnerability due to improper
validation of user-supplied configuration input when saving filters in
the AdminUI. An authenticated, remote attacker can exploit this issue
to gain access to arbitrary files which IWSVA has read access to.

See also :

http://www.zerodayinitiative.com/advisories/ZDI-14-373/

Solution :

Upgrade to Trend Micro IWSVA 6.0 Build 1244 or later.

Risk factor :

Medium / CVSS Base Score : 4.0
(CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N)
CVSS Temporal Score : 3.5
(CVSS2#E:ND/RL:OF/RC:ND)
Public Exploit Available : true

Family: Firewalls

Nessus Plugin ID: 82591

Bugtraq ID: 70964

CVE ID: CVE-2014-8510
