CVE Identifier(s): CVE-2020-28578 through 28581
Platform(s): Virtual Appliance
CVSS 3.0 Score(s): 4.7 - 7.3
Severity Rating(s): Medium - High
Trend Micro has made a hotfix available for Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 SP2. This hotfix addresses multiple vulnerabilities related to remote stack buffer overflows and authenticated command injections.
Affected Version(s)
| Product | Affected Version(s) | Platform | Language(s) |
|---|---|---|---|
| IWSVA | 6.5 SP2 | Virtual Appliance | English |
Solution
Trend Micro has created the following solution to address the issue:
| Product | Updated version | Notes | Platform | Availability |
|---|---|---|---|---|
| IWSVA | 6.5 SP2 Hotfix 1919 | See Below* | Virtual Appliance | See Below* |
*Please note this this hotfix is not considered to have the same level of testing of a regular Critical Patch and there are some potential known issues. Because of this, the hotfix is being made available upon request only to specific customers by contacting their Trend Micro authorized support representative.
This bulletin will be updated as soon as a proper Critical Patch is made publicly available.
Customers are encouraged to visit Trend Micro’s Download Center to obtain prerequisite software (such as Service Packs) before applying any of the solutions above.
Vulnerability Details
CVE-2020-28578: Unauthenticated Remote Stack Buffer Overflow Vulnerability CVSSv3: 7.3: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unauthenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges.
CVE-2020-28579: Authenticated Remote Stack Buffer Overflow Vulnerability
CVSSv3: 6.3: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges.
CVE-2020-28580, CVE-2020-28581: Authenticated Command Injection Vulnerabilities
CVSSv3: 4.7: AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Command injection vulnerabilities in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges.
Mitigating Factors
Exploiting these type of vulnerabilities generally require that an attacker has access (physical or remote) to a vulnerable machine. In addition to timely application of patches and updated solutions, customers are also advised to review remote access to critical systems and ensure policies and perimeter security is up-to-date.
As a matter of best practice, and specifically to help protect against the vulnerabilities listed in this bulletin, the following mitigations are also recommended:
- Enable Management Access Control in IWSVA to set ACLs that restrict access to the management console to a specific IP or IP range that are trusted in your organization.
- Utilize other security tools in the environment (e.g. firewall) to limit IP access to the IWSVA management console.
Acknowledgement
Trend Micro acknowledges the following individuals/organizations for finding and disclosing these issues:
- Tenable, Inc.
External Reference(s)
- Tenable TRA-2020-63
