CVE-2016-7552 Information
Feb 14, 2021
cve
Description
On the Trend Micro Threat Discovery Appliance 2.6.1062r1 directory traversal when processing a session_id cookie allows a remote unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
http://www.securityfocus.com/bid/97599 https://github.com/rapid7/metasploit-framework/pull/8216/commits/0f07875a2ddb0bfbb4e985ab074e9fc56da1dcf6
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
9.8
Share on: