Trend Micro Control Manager GetPassword() SQLi

high Nessus Plugin ID 110766

Synopsis

A web application running on the remote host is affected by an SQLi vulnerability.

Description

The Trend Micro Control Manager running on the remote host is affected by an SQLi vulnerability when processing an HTTP request due to the lack of proper validation of a user-supplied string before using it to construct SQL queries. An unauthenticated, remote attacker can exploit this issue, via a specially crafted HTTP request, to execute code under the context of the Network Service account.

Note that Trend Micro Control Manager is reportedly affected by additional vulnerabilities; however, this plugin has not tested for these.

Solution

Upgrade to Trend Micro Control Manager version 6.0 build 3748 / 7.0 or later.

Note that version 6.0 build 3748 requires version 6.0 SP3 Patch 3 as a prerequisite.

See Also

https://success.trendmicro.com/solution/1119158

https://www.zerodayinitiative.com/advisories/ZDI-18-067/

Plugin Details

Severity: High

ID: 110766

File Name: trendmicro_control_manager_cve-2018-3064.nasl

Version: 1.4

Type: remote

Family: CGI abuses

Published: 6/28/2018

Updated: 4/27/2020

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2018-3604

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 6.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:trend_micro:control_manager

Required KB Items: installed_sw/Trend Micro Control Manager

Exploit Ease: No known exploits are available

Patch Publication Date: 1/9/2018

Vulnerability Publication Date: 1/9/2018

Reference Information

CVE: CVE-2018-3604