SECURITY BULLETIN: Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 Multiple Vulnerabilities

Updated: 16 Nov 2020
Product/Version: InterScan Web Security Virtual Appliance 6.5
Platform: Virtual Appliance
Summary
Release Date: November 16, 2020
CVE Identifier(s): CVE-2020-28578 through CVE-2020-28581
Platform(s): Virtual Appliance
CVSS 3.0 Score(s): 4.7 - 7.3
Severity Rating(s): Medium - High

Trend Micro has made a hotfix available for Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 SP2. This hotfix addresses multiple vulnerabilities related to remote stack buffer overflows and authenticated command injections.

Details

Affected Version(s)

Product   Affected Version(s)   Platform            Language(s)
IWSVA     6.5 SP2               Virtual Appliance   English


Solution

Trend Micro has created the following solution to address the issue:

Product   Updated version        Notes        Platform            Availability
IWSVA     6.5 SP2 Hotfix 1919    See below*   Virtual Appliance   See below*

*Please note that this hotfix is not considered to have the same level of testing as a regular Critical Patch, and there are some potential known issues. Because of this, the hotfix is being made available upon request only, to specific customers, by contacting their Trend Micro authorized support representative.

This bulletin will be updated as soon as a proper Critical Patch is made publicly available.

Customers are encouraged to visit Trend Micro’s Download Center to obtain prerequisite software (such as Service Packs) before applying any of the solutions above.


Vulnerability Details

CVE-2020-28578: Unauthenticated Remote Stack Buffer Overflow Vulnerability
CVSSv3: 7.3: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unauthenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges.

CVE-2020-28579: Authenticated Remote Stack Buffer Overflow Vulnerability
CVSSv3: 6.3: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges.

CVE-2020-28580, CVE-2020-28581: Authenticated Command Injection Vulnerabilities
CVSSv3: 4.7: AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Command injection vulnerabilities in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges.


Mitigating Factors

Exploiting these types of vulnerabilities generally requires that an attacker have access (physical or remote) to a vulnerable machine. In addition to timely application of patches and updated solutions, customers are also advised to review remote access to critical systems and ensure that policies and perimeter security are up to date.

As a matter of best practice, and specifically to help protect against the vulnerabilities listed in this bulletin, the following mitigations are also recommended:

  1.  Enable Management Access Control in IWSVA to set ACLs that restrict access to the management console to a specific IP address or IP range that your organization trusts.
  2.  Utilize other security tools in the environment (e.g. a firewall) to limit IP access to the IWSVA management console.
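As an added illustration of the second recommendation (this is example code written for this page, not Trend Micro's code and not part of the bulletin), the following Python script validates an operator-supplied list of trusted CIDR ranges, renders iptables/ip6tables rules that admit only those ranges to the console port and drop everything else, and lets you check whether a given source address would be admitted before the rules are applied. The console port value (1812), the sample ranges and the probe addresses are assumptions and constructed values, not taken from the bulletin; confirm the port your appliance actually listens on.

```python
import ipaddress

# Assumed console port (not stated in the bulletin): confirm the port your IWSVA
# management console actually listens on before using the generated rules.
MGMT_PORT = 1812


def parse_trusted_ranges(cidrs):
    """Validate the operator-supplied allow-list.

    Uses strict parsing so a typo such as 10.0.5.1/24 (host bits set) is rejected
    rather than silently widened, and refuses a /0 because "trusted = everyone"
    would defeat the purpose of the ACL.
    """
    nets = []
    for entry in cidrs:
        net = ipaddress.ip_network(entry.strip(), strict=True)  # ValueError on bad input
        if net.prefixlen == 0:
            raise ValueError(f"refusing catch-all range {net}")
        nets.append(net)
    return nets


def is_allowed(src_ip, trusted):
    """Policy check: would a connection from src_ip reach the console?"""
    ip = ipaddress.ip_address(src_ip)
    # Membership is version-aware: an IPv4 address is never inside an IPv6 network.
    return any(ip in net for net in trusted)


def firewall_rules(trusted, port=MGMT_PORT):
    """Render the allow-list for the console port as iptables/ip6tables commands.

    Allow rules come first, then an unconditional DROP for each address family,
    so anything outside the trusted ranges is dropped (default deny).
    """
    rules = []
    for net in trusted:
        tool = "iptables" if net.version == 4 else "ip6tables"
        rules.append(f"{tool} -A INPUT -p tcp --dport {port} -s {net} -j ACCEPT")
    for tool in ("iptables", "ip6tables"):
        rules.append(f"{tool} -A INPUT -p tcp --dport {port} -j DROP")
    return rules


if __name__ == "__main__":
    # Constructed sample allow-list: an admin subnet and one jump host.
    trusted = parse_trusted_ranges(["10.0.5.0/24", "192.168.100.10/32"])
    for rule in firewall_rules(trusted):
        print(rule)
    for probe in ("10.0.5.17", "10.0.6.1"):
        print(probe, "allowed" if is_allowed(probe, trusted) else "blocked")
```

Because the rules are appended with `-A`, any earlier blanket ACCEPT for the same port in the INPUT chain would still win; review the chain order with `iptables -L INPUT -n --line-numbers` after loading. This host-firewall layer complements, rather than replaces, the appliance's own Management Access Control from the first recommendation.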


Acknowledgement

Trend Micro acknowledges the following individuals/organizations for finding and disclosing these issues:

  • Tenable, Inc.


External Reference(s)

  • Tenable TRA-2020-63
Category: Update
Solution Id: 000281954