Trend Micro IWSVA 6.5 < 6.5 Build 1746 Multiple Vulnerabilities

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote host is affected by multiple vulnerabilities.

Description :

The version of Trend Micro InterScan Web Security Virtual Appliance
(IWSVA) installed on the remote host is 6.5 prior to 6.5 Build 1746.
It is, therefore, affected by multiple vulnerabilities :

- Multiple access control issues exist that allow an
authenticated, remote attacker with low privileges to
modify FTP access control, create or modify reports, or
upload an HTTPS decryption certificate and private key.
(CVE-2017-6338)

- A flaw exists in the management of certain key and
certificate data. By default, IWSVA acts as a private
certificate authority (CA) and dynamically generates
digital certificates that are sent to client browsers
to complete a secure passage for HTTPS connections.
It also allows administrators to upload their own
certificates signed by a root CA. An authenticated,
remote attacker with low privileges can download the
current CA certificate and private key (either the
default ones or ones uploaded by administrators) and use
those to decrypt HTTPS traffic, resulting in a loss of
confidentiality. Furthermore, the default private
key on the appliance is encrypted with a very weak
passphrase. The attacker can exploit this to likewise
break the encryption protections. (CVE-2017-6339)

- An cross-site scripting (XSS) vulnerability exists in
rest/commonlog/report/template due to improper
sanitization of user-supplied input to the name field.
An authenticated, remote attacker with low privileges
can exploit this to inject arbitrary JavaScript while
creating a new report. Furthermore, due to incorrect
access controls, the attacker can exploit this issue to
create or modify reports, allowing arbitrary script
code to be executed in a user's browser session when
the user visits report or auditlog pages.
(CVE-2017-6340)

- Additionally, other vulnerabilities have been reported,
the most serious of which allow an unauthenticated,
remote attacker to inject commands or execute arbitrary
code.

See also :

https://success.trendmicro.com/solution/1116960
http://www.zerodayinitiative.com/advisories/ZDI-17-193/
http://www.zerodayinitiative.com/advisories/ZDI-17-194/
http://www.zerodayinitiative.com/advisories/ZDI-17-195/
http://www.zerodayinitiative.com/advisories/ZDI-17-196/
http://www.zerodayinitiative.com/advisories/ZDI-17-197/
http://www.zerodayinitiative.com/advisories/ZDI-17-198/
http://www.zerodayinitiative.com/advisories/ZDI-17-199/
http://www.zerodayinitiative.com/advisories/ZDI-17-200/
http://www.zerodayinitiative.com/advisories/ZDI-17-201/
http://www.zerodayinitiative.com/advisories/ZDI-17-202/
http://www.zerodayinitiative.com/advisories/ZDI-17-203/
http://www.zerodayinitiative.com/advisories/ZDI-17-204/
http://www.zerodayinitiative.com/advisories/ZDI-17-205/
http://www.zerodayinitiative.com/advisories/ZDI-17-206/
http://www.zerodayinitiative.com/advisories/ZDI-17-207/
http://www.zerodayinitiative.com/advisories/ZDI-17-208/
http://www.zerodayinitiative.com/advisories/ZDI-17-209/
http://www.zerodayinitiative.com/advisories/ZDI-17-210/
http://www.zerodayinitiative.com/advisories/ZDI-17-211/
http://www.zerodayinitiative.com/advisories/ZDI-17-212/
http://www.zerodayinitiative.com/advisories/ZDI-17-213/
http://www.zerodayinitiative.com/advisories/ZDI-17-214/
http://www.zerodayinitiative.com/advisories/ZDI-17-215/
http://www.zerodayinitiative.com/advisories/ZDI-17-216/
http://www.zerodayinitiative.com/advisories/ZDI-17-217/
http://www.zerodayinitiative.com/advisories/ZDI-17-218/
http://www.zerodayinitiative.com/advisories/ZDI-17-219/
http://www.zerodayinitiative.com/advisories/ZDI-17-220/
http://www.zerodayinitiative.com/advisories/ZDI-17-221/
http://www.zerodayinitiative.com/advisories/ZDI-17-222/
http://www.zerodayinitiative.com/advisories/ZDI-17-223/
http://www.zerodayinitiative.com/advisories/ZDI-17-224/
http://www.zerodayinitiative.com/advisories/ZDI-17-225/
http://www.zerodayinitiative.com/advisories/ZDI-17-226/
http://www.zerodayinitiative.com/advisories/ZDI-17-227/
http://www.zerodayinitiative.com/advisories/ZDI-17-228/
http://www.zerodayinitiative.com/advisories/ZDI-17-229/
http://www.zerodayinitiative.com/advisories/ZDI-17-230/
http://www.zerodayinitiative.com/advisories/ZDI-17-231/
http://www.zerodayinitiative.com/advisories/ZDI-17-232/
http://www.zerodayinitiative.com/advisories/ZDI-17-233/

Solution :

Upgrade to Trend Micro IWSVA version 6.5 Build 1746 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.4
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Firewalls

Nessus Plugin ID: 99248 ()

Bugtraq ID:

CVE ID: CVE-2017-6338
CVE-2017-6339
CVE-2017-6340

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now