SECURITY BULLETIN: December 2020 Security Bulletin for Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 SP2

    • Updated: 24 May 2021
    • Product/Version: InterScan Web Security Virtual Appliance 6.5
    • Platform: Virtual Appliance
Summary
Release Date: December 15, 2020
CVE Identifier(s): CVE-2020-8461 through CVE-2020-8466, CVE-2020-27010
Platform(s): Virtual Appliance
CVSS 3.0 Score(s): 3.3 - 8.2
Severity Rating(s): Low - High

Trend Micro has made a Critical Patch (CP) available for Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 SP2. This CP addresses multiple vulnerabilities related to CSRF protection bypass, cross-site scripting (XSS), authorization/authentication bypass, code execution and unauthenticated command injection.

Details

Affected Version(s)

Product   Affected Version(s)   Platform             Language(s)
IWSVA     6.5 SP2               Virtual Appliance    English


Solution

Trend Micro has created the following solution to address the issue:

Product   Updated version     Notes    Platform             Availability
IWSVA     6.5 SP2 CP b1919    Readme   Virtual Appliance    Available Now


Customers are encouraged to visit Trend Micro’s Download Center to obtain prerequisite software (such as Service Packs) before applying any of the solutions above.


Vulnerability Details

CVE-2020-8461: CSRF Protection Bypass
CVSSv3: 7.1: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L/E:F/RL:O/RC:C
A CSRF protection bypass vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to get a victim's browser to send a specifically encoded request without requiring a valid CSRF token. 

CVE-2020-8462, CVE-2020-27010: Cross-Site Scripting
CVSSv3: 3.3: AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L
Cross-site scripting (XSS) vulnerabilities in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product.

CVE-2020-8463: Authorization Bypass
CVSSv3: 8.2: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L/E:F/RL:O/RC:C
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to bypass a global authorization check for anonymous users by manipulating request paths.

CVE-2020-8464: Authentication Bypass/SSRF
CVSSv3: 8.2: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L/E:F/RL:O/RC:C
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to send requests that appear to come from localhost, which could expose the product's admin interface to users who would not normally have access.

CVE-2020-8465: Code Execution
CVSSv3: 8.2: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L/E:F/RL:O/RC:C
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to manipulate system updates using a combination of CSRF bypass (CVE-2020-8461) and authentication bypass (CVE-2020-8464) to execute code as user root.

CVE-2020-8466: Unauthenticated Command Injection
CVSSv3: 8.2: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L/E:F/RL:O/RC:C
A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, with the improved password hashing method enabled, could allow an unauthenticated attacker to execute certain commands by providing a manipulated password.

Mitigating Factors

Exploiting these types of vulnerabilities generally requires that an attacker have access (physical or remote) to a vulnerable machine. Note that several of the issues above carry AV:N/PR:N vectors, i.e. they are reachable over the network without credentials, so whether an untrusted host can reach the management console at all is the deciding factor. In addition to timely application of patches and updated solutions, customers are also advised to review remote access to critical systems and ensure that policies and perimeter security are up to date.

As a matter of best practice, to help protect against unauthorized access to the product admin console, the following mitigations are also recommended:

  1.  Enable Management Access Control in IWSVA to set ACLs that restrict access to the management console to a specific IP or IP range that are trusted in your organization.
  2.  Utilize other security tools in the environment (e.g. firewall) to limit IP access to the IWSVA management console.
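The following script is an added example of the second mitigation and is not part of the Trend Micro bulletin or the IWSVA product: it generates iptables rules for a Linux firewall placed in front of the appliance so that only trusted management subnets can reach the console ports, and everything else to those ports is logged and dropped. The console ports (1812/8443), the appliance address and the trusted ranges are assumptions; confirm the ports your deployment actually uses before applying the output.

```shell
#!/bin/sh
# Added example, not from the Trend Micro bulletin. Generates (does not apply)
# iptables FORWARD rules for an upstream Linux firewall protecting an IWSVA
# management console. Ports are an assumption; override with MGMT_PORTS=...
MGMT_PORTS="${MGMT_PORTS:-1812,8443}"   # assumed HTTP/HTTPS console ports

# gen_mgmt_rules IWSVA_IP TRUSTED_CIDR [TRUSTED_CIDR...]
# Emits one ACCEPT per trusted CIDR, then a LOG and a final DROP for any other
# source. Rule order is the security property: the DROP must come last, and
# there must be at least one trusted range or the console becomes unreachable.
gen_mgmt_rules() {
    iwsva_ip=$1
    shift
    [ $# -ge 1 ] || { echo "gen_mgmt_rules: need at least one trusted CIDR" >&2; return 1; }
    for cidr in "$@"; do
        printf 'iptables -A FORWARD -p tcp -s %s -d %s -m multiport --dports %s -j ACCEPT\n' \
            "$cidr" "$iwsva_ip" "$MGMT_PORTS"
    done
    # Log denied attempts so a scan of the console shows up in the firewall log.
    printf 'iptables -A FORWARD -p tcp -d %s -m multiport --dports %s -j LOG --log-prefix "IWSVA-MGMT-DENY "\n' \
        "$iwsva_ip" "$MGMT_PORTS"
    printf 'iptables -A FORWARD -p tcp -d %s -m multiport --dports %s -j DROP\n' \
        "$iwsva_ip" "$MGMT_PORTS"
}

# count_rules RULES TARGET: number of generated lines jumping to TARGET
# (used to sanity-check the output before it is piped into a shell).
count_rules() {
    printf '%s\n' "$1" | grep -c -- "-j $2"
}

# Stand-alone usage with constructed addresses:
#   sh mgmt_acl.sh 192.0.2.10 10.0.0.0/24 10.0.1.0/24 | less     # review
#   sh mgmt_acl.sh 192.0.2.10 10.0.0.0/24 10.0.1.0/24 | sh       # apply
if [ $# -ge 2 ]; then
    gen_mgmt_rules "$@"
fi
```

After applying the rules, verify from a host outside the trusted ranges that a TCP connection to the console ports times out, and from a trusted host that the console still loads; a rule set that was never tested from the untrusted side is not a control.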


Acknowledgement

Trend Micro would like to thank the following individuals for responsibly disclosing these issues and working with Trend Micro to help protect our customers:


External Reference(s)

Category: Update
Solution Id: 000283077