Trend Micro IWSVA 6.5 < 6.5 Build 1746 Multiple Vulnerabilities

medium Nessus Plugin ID 99248

Synopsis

The remote host is affected by multiple vulnerabilities.

Description

The version of Trend Micro InterScan Web Security Virtual Appliance (IWSVA) installed on the remote host is 6.5 prior to 6.5 Build 1746. It is, therefore, affected by multiple vulnerabilities:

- Multiple access control issues exist that allow an authenticated, remote attacker with low privileges to modify FTP access control, create or modify reports, or upload HTTPS decryption certificates and private keys. (CVE-2017-6338)

- A flaw exists in the way certain key and certificate data is managed. By default, IWSVA acts as a private certificate authority (CA) that dynamically generates the digital certificates sent to client browsers to complete the secure channel for HTTPS connections. It also allows administrators to upload their own certificates signed by a root CA. An authenticated, remote attacker with low privileges can download the current CA certificate and private key (either the defaults or those uploaded by an administrator) and use them to decrypt HTTPS traffic, resulting in a loss of confidentiality. In addition, the default private key on the appliance is encrypted with a very weak passphrase, which an attacker can likewise exploit to defeat the encryption protection mechanism. (CVE-2017-6339)

- A cross-site scripting (XSS) vulnerability exists in rest/commonlog/report/template due to improper sanitization of user-supplied input to the name field. An authenticated, remote attacker with low privileges can exploit this to inject arbitrary JavaScript when creating a new report. Furthermore, because of incorrect access control mechanisms, an attacker can exploit this issue to create or modify reports, resulting in the execution of arbitrary script in a user's browser session when the user views the report or the auditlog pages. (CVE-2017-6340)

- Additionally, other vulnerabilities have been reported, the most severe of which allow an unauthenticated, remote attacker to inject commands or execute arbitrary code.

Solution

Upgrade to Trend Micro IWSVA version 6.5 Build 1746 or later.

See Also

https://success.trendmicro.com/solution/1116960

https://www.zerodayinitiative.com/advisories/ZDI-17-193/

https://www.zerodayinitiative.com/advisories/ZDI-17-194/

https://www.zerodayinitiative.com/advisories/ZDI-17-195/

https://www.zerodayinitiative.com/advisories/ZDI-17-196/

https://www.zerodayinitiative.com/advisories/ZDI-17-197/

https://www.zerodayinitiative.com/advisories/ZDI-17-198/

https://www.zerodayinitiative.com/advisories/ZDI-17-199/

https://www.zerodayinitiative.com/advisories/ZDI-17-200/

https://www.zerodayinitiative.com/advisories/ZDI-17-201/

https://www.zerodayinitiative.com/advisories/ZDI-17-202/

https://www.zerodayinitiative.com/advisories/ZDI-17-203/

https://www.zerodayinitiative.com/advisories/ZDI-17-204/

https://www.zerodayinitiative.com/advisories/ZDI-17-205/

https://www.zerodayinitiative.com/advisories/ZDI-17-206/

https://www.zerodayinitiative.com/advisories/ZDI-17-207/

https://www.zerodayinitiative.com/advisories/ZDI-17-208/

https://www.zerodayinitiative.com/advisories/ZDI-17-209/

https://www.zerodayinitiative.com/advisories/ZDI-17-210/

https://www.zerodayinitiative.com/advisories/ZDI-17-211/

https://www.zerodayinitiative.com/advisories/ZDI-17-212/

https://www.zerodayinitiative.com/advisories/ZDI-17-213/

https://www.zerodayinitiative.com/advisories/ZDI-17-214/

https://www.zerodayinitiative.com/advisories/ZDI-17-215/

https://www.zerodayinitiative.com/advisories/ZDI-17-216/

https://www.zerodayinitiative.com/advisories/ZDI-17-217/

https://www.zerodayinitiative.com/advisories/ZDI-17-218/

https://www.zerodayinitiative.com/advisories/ZDI-17-219/

https://www.zerodayinitiative.com/advisories/ZDI-17-220/

https://www.zerodayinitiative.com/advisories/ZDI-17-221/

https://www.zerodayinitiative.com/advisories/ZDI-17-222/

https://www.zerodayinitiative.com/advisories/ZDI-17-223/

https://www.zerodayinitiative.com/advisories/ZDI-17-224/

https://www.zerodayinitiative.com/advisories/ZDI-17-225/

https://www.zerodayinitiative.com/advisories/ZDI-17-226/

https://www.zerodayinitiative.com/advisories/ZDI-17-227/

https://www.zerodayinitiative.com/advisories/ZDI-17-228/

https://www.zerodayinitiative.com/advisories/ZDI-17-229/

https://www.zerodayinitiative.com/advisories/ZDI-17-230/

https://www.zerodayinitiative.com/advisories/ZDI-17-231/

https://www.zerodayinitiative.com/advisories/ZDI-17-232/

https://www.zerodayinitiative.com/advisories/ZDI-17-233/

Plugin Details

Severity: Medium

ID: 99248

File Name: trendmicro_iwsva_6_5_1746.nasl

Version: 1.6

Type: local

Family: Firewalls

Published: 2017/4/7

Updated: 2019/11/13

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 4

Temporal Score: 3.1

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS Score Source: CVE-2017-6339

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.9

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:trendmicro:interscan_web_security_virtual_appliance

Required KB Items: Host/TrendMicro/IWSVA/version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2017/3/28

Vulnerability Publication Date: 2017/3/28

Reference Information

CVE: CVE-2017-6338, CVE-2017-6339, CVE-2017-6340