Trend Micro Control Manager GetPassword() SQLi

High Nessus Plugin ID 110766

Synopsis

A web application running on the remote host is affected by an SQLi vulnerability.

Description

The Trend Micro Control Manager running on the remote host is affected by an SQLi vulnerability when processing an HTTP request due to the lack of proper validation of a user-supplied string before using it to construct SQL queries. An unauthenticated, remote attacker can exploit this issue, via a specially crafted HTTP request, to execute code under the context of the Network Service account.
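As an added illustration of the flaw class the description refers to, the following Python snippet (not code from the plugin, from Tenable, or from Trend Micro; the product's actual code and schema are not on this page) puts a query built by string concatenation next to its hardened form. The function names `get_password_vulnerable` and `get_password_safe`, the `accounts` table and its rows are all constructed for the example.

```python
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed sample data: an in-memory SQLite table standing in for an
    # application's credential store. Nothing here reflects the real product.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (username TEXT PRIMARY KEY, password TEXT)")
    conn.executemany(
        "INSERT INTO accounts VALUES (?, ?)",
        [("admin", "s3cret-admin"), ("operator", "s3cret-op")],
    )
    conn.commit()
    return conn


def get_password_vulnerable(conn: sqlite3.Connection, username: str):
    # Hypothetical reconstruction of the pattern the advisory describes: the
    # user-supplied string is spliced straight into the SQL text, so a quote
    # character in the input changes the query's structure instead of being
    # treated as data.
    query = "SELECT password FROM accounts WHERE username = '" + username + "'"
    row = conn.execute(query).fetchone()
    return row[0] if row else None


# Allow-list for the one field this lookup accepts (assumed policy for the example).
USERNAME_RE = re.compile(r"[A-Za-z0-9_.\-]{1,64}")


def get_password_safe(conn: sqlite3.Connection, username: str):
    # Hardened form: validate the input against an allow-list first, then bind it
    # as a query parameter so the driver never interprets it as SQL.
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("username contains characters outside the allowed set")
    row = conn.execute(
        "SELECT password FROM accounts WHERE username = ?", (username,)
    ).fetchone()
    return row[0] if row else None


def demo() -> dict:
    # Runs both lookups against a normal username and against a constructed
    # string containing a quote, i.e. the kind of input the advisory says was
    # not validated before reaching the query.
    conn = make_db()
    normal = "operator"
    hostile = "nobody' OR '1'='1"
    results = {
        "vulnerable_normal": get_password_vulnerable(conn, normal),
        # Returns a row for an account that does not exist: the query logic was altered.
        "vulnerable_hostile": get_password_vulnerable(conn, hostile),
        "safe_normal": get_password_safe(conn, normal),
    }
    try:
        get_password_safe(conn, hostile)
        results["safe_hostile"] = "accepted"
    except ValueError:
        results["safe_hostile"] = "rejected"
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The parameterized query alone is what removes the injection; the allow-list check is defence in depth that also makes the rejection visible in application logs, which is where a detection engineer would look for repeated malformed usernames against an endpoint like this one.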

Note that Trend Micro Control Manager is reportedly affected by additional vulnerabilities; however, this plugin has not tested for these.

Solution

Upgrade to Trend Micro Control Manager version 6.0 build 3748 / 7.0 or later.

Note that version 6.0 build 3748 requires version 6.0 SP3 Patch 3 as a prerequisite.

See Also

https://success.trendmicro.com/solution/1119158

https://www.zerodayinitiative.com/advisories/ZDI-18-067/

Plugin Details

Severity: High

ID: 110766

File Name: trendmicro_control_manager_cve-2018-3064.nasl

Version: 1.2

Type: remote

Family: CGI abuses

Published: 2018/06/28

Modified: 2018/09/17

Dependencies: 97225

Risk Information

Risk Factor: High

CVSS Score Source: manual

CVSS Score Rationale: SQLi-based RCE is achievable with the default TMCM configuration, and the resulting code runs as the Network Service account.

CVSSv2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSSv3

Base Score: 7.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Vulnerability Information

CPE: cpe:/a:trend_micro:control_manager

Required KB Items: installed_sw/Trend Micro Control Manager

Patch Publication Date: 2018/01/09

Vulnerability Publication Date: 2018/01/09

Reference Information

CVE: CVE-2018-3604

ZDI: ZDI-18-067