|The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.|
Trend Micro InterScan Web Security Suite: six vulnerabilities
Synthesis of the vulnerability
An attacker can use several vulnerabilities of Trend Micro InterScan Web Security Suite.
Impacted products: InterScan Web Security Suite.
Creation date: 16/02/2017.
Revision date: 27/02/2017.
Identifiers: CVE-2016-9269, CVE-2016-9314, CVE-2016-9315, CVE-2016-9316, VIGILANCE-VUL-21870.
Description of the vulnerability
Several vulnerabilities were announced in Trend Micro InterScan Web Security Suite.
An authenticated attacker can upload a malicious file via ConfigBackup, in order for example to upload a Trojan. [severity:3/4; CVE-2016-9314]
An authenticated attacker can use the page updateaccountadministration, in order to get administator's privileges. [severity:3/4; CVE-2016-9315]
An attacker can restore a modified backup of the system configuration, in order to get root privileges on the underlying Linux. [severity:3/4; CVE-2016-9314]
An attacker can bypass security features via ManagePatches, in order to escalate his privileges. [severity:2/4; CVE-2016-9269]
An attacker can use a vulnerability via saveCert.imss, in order to run code. [severity:2/4]
Complete Vigil@nce bulletin.... (Free trial)
Computer vulnerabilities tracking service
Vigil@nce provides a computers vulnerabilities workaround. Each administrator can customize the list of products for which he wants to receive vulnerability alerts. The Vigil@nce vulnerability database contains several thousand vulnerabilities. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications.