nvd-json-data-feeds/CVE-2020/CVE-2020-285xx/CVE-2020-28581.json

{
  "id": "CVE-2020-28581",
  "sourceIdentifier": "security@trendmicro.com",
  "published": "2020-11-18T19:15:12.023",
  "lastModified": "2020-11-28T21:58:25.087",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "A command injection vulnerability in ModifyVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de inyecci\u00f3n de comandos en ModifyVLANItem de Trend Micro InterScan Web Security Virtual Appliance versi\u00f3n 6.5 SP2, podr\u00eda permitir a un atacante remoto autenticado enviar mensajes HTTP especialmente dise\u00f1ados y ejecutar comandos de SO arbitrarios con privilegios elevados"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "HIGH",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "SINGLE",
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:trendmicro:interscan_web_security_virtual_appliance:6.5:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "778D5B34-395F-48EF-9E7D-B8FD11FEBE7E"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://success.trendmicro.com/solution/000281954",
      "source": "security@trendmicro.com",
      "tags": [
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://www.tenable.com/security/research/tra-2020-63",
      "source": "security@trendmicro.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ]
    }
  ]
}