Trend Micro Control Manager 6.x < 6.0 SP3 Hotfix 3328 Multiple Vulnerabilities

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

A security management application installed on the remote host is
affected by multiple vulnerabilities.

Description :

According to its version, the Trend Micro Control Manager application
installed on the remote Windows host is 6.x prior to 6.0 SP3 Hotfix
3328 (6.0.0.3328). It is, therefore, affected by the following
vulnerabilities :

- A directory traversal vulnerability exists in the
task_controller.php script due to improper sanitization
of user-supplied input to the 'url' parameter. An
unauthenticated, remote attacker can exploit this, via
a specially crafted request, to disclose arbitrary
files. (VulnDB 142765)

- A flaw exists in the AdHocQuery_SelectView.aspx script
due to improper sanitization of user-supplied input
before executing XML queries. An authenticated, remote
attacker can exploit this to inject XPath content,
resulting in the disclosure of sensitive information.
(VulnDB 142766)

- Multiple XML external entity (XXE) injection
vulnerabilities exist due to an incorrectly configured
XML parser accepting XML external entities from
untrusted sources. Specifically, these issues occur in
the DeploymentPlan_Event_Handler.aspx, ProductTree.aspx,
and TreeUserControl_process_tree_event.aspx scripts. An
authenticated, remote attacker can exploit these issues,
via specially crafted XML data, to gain access to
sensitive information. (VulnDB 142767, 142768, 142769)

- Multiple SQL injection (SQLi) vulnerabilities exist due
to improper sanitization of user-supplied input before
using it in SQL queries. Specifically, these issues
occur in the AdHocQuery_CustomProfiles.aspx and
cgiCMUIDispatcher.exe scripts. An authenticated, remote
attacker can exploit these issues to inject SQL queries
against the back-end database, resulting in the
disclosure or manipulation of arbitrary data. Moreover,
the attacker can exploit these issues to inject PHP
payloads, which can then be called and executed.
(VulnDB 142770, 142771)

See also :

https://success.trendmicro.com/solution/1114749
http://zerodayinitiative.com/advisories/ZDI-16-455/
http://zerodayinitiative.com/advisories/ZDI-16-456/
http://zerodayinitiative.com/advisories/ZDI-16-457/
http://zerodayinitiative.com/advisories/ZDI-16-458/
http://zerodayinitiative.com/advisories/ZDI-16-459/
http://zerodayinitiative.com/advisories/ZDI-16-460/
http://zerodayinitiative.com/advisories/ZDI-16-461/
http://zerodayinitiative.com/advisories/ZDI-16-462/

Solution :

Upgrade to Trend Micro Control Manager version 6.0 SP3 Hotfix
3328 or later.
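As an added example (not Tenable's plugin code), the version check that the description and solution above imply: a host is affected when it runs a 6.x build numerically below 6.0.0.3328. The dotted four-component format and the sample version strings are constructed here; other major versions are simply out of scope for this check.

```python
"""Affected-range check for Trend Micro Control Manager 6.x < 6.0.0.3328.

Added example mirroring the advisory's logic; not Tenable's plugin code.
"""
import re

# 6.0 SP3 Hotfix 3328, the fixed build named in the advisory
FIXED_VERSION = (6, 0, 0, 3328)


def parse_version(text):
    """Parse a dotted numeric version such as '6.0.0.3328' into a tuple of ints.

    Missing trailing components are padded with zeros, so '6.0' becomes
    (6, 0, 0, 0). Anything that is not dotted digits raises ValueError
    rather than silently comparing as 'not affected'.
    """
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = tuple(int(p) for p in text.split("."))
    return parts + (0,) * max(0, 4 - len(parts))


def is_affected(version_text):
    """True when the build falls in the advisory's affected range (6.x below the fix).

    Builds on other major versions return False: this check makes no claim
    about them, which is how the plugin scopes its detection.
    """
    version = parse_version(version_text)
    if version[0] != 6:
        return False
    return version < FIXED_VERSION


def check_host(version_text):
    """Return a small finding record for one reported version."""
    return {
        "version": version_text,
        "affected": is_affected(version_text),
        "fix": "Upgrade to 6.0 SP3 Hotfix 3328 (6.0.0.3328) or later",
    }


if __name__ == "__main__":
    # Constructed sample versions, not values observed on any real host
    for v in ["6.0.0.3327", "6.0.0.3328", "6.0.0.3400", "6.0", "7.0.0.1"]:
        print(check_host(v))
```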

Risk factor :

Medium / CVSS Base Score : 6.5
(CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P)
CVSS Temporal Score : 4.8
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 93482
CVE ID: CVE-2016-6220