HTTP: Trend Micro InterScan Web Security Virtual Appliance ManageVLANSettings Command Injections
This signature detects attempts to exploit a known vulnerability against Trend Micro InterScan Web Security Virtual Appliance. A successful attack can lead to command injection and arbitrary code execution.
Extended Description
A command injection vulnerability in AddVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges.
Affected Products
Trendmicro interscan_web_security_virtual_appliance
Short Name
HTTP:CTS:TM-IWSVA-MVLANSET-CINJ
Severity
Critical
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Appliance CVE-2020-28580 CVE-2020-28581 Command Injections InterScan ManageVLANSettings Micro Security Trend Virtual Web
Release Date
02/02/2021
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3590
False Positive
Unknown
Vendors
Trendmicro
CVSS Score
9.0