CVE-2017-6338 Information

Description

Multiple Access Control issues in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 allow an authenticated remote user with low privileges like ‘Reports Only’ or ‘Auditor’ to change FTP Access Control Settings, create or modify reports, or upload an HTTPS Decryption Certificate and Private Key.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Reference

http://www.securityfocus.com/bid/97482
https://success.trendmicro.com/solution/1116960
https://www.qualys.com/2017/01/12/qsa-2017-01-12/qsa-2017-01-12.pdf

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

6.5

Base Severity

MEDIUM
