Vulnerability Description
admin_sys_time.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the timezone parameter.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Trendmicro | Threat Discovery Appliance | <= 2.6.1062 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/142223/Trend-Micro-Threat-Discovery-ApplianExploitThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/142224/Trend-Micro-Threat-Discovery-ApplianExploitThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/98342
- http://packetstormsecurity.com/files/142223/Trend-Micro-Threat-Discovery-ApplianExploitThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/142224/Trend-Micro-Threat-Discovery-ApplianExploitThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/98342
FAQ
What is CVE-2016-8585?
CVE-2016-8585 is a vulnerability with a CVSS score of 8.8 (HIGH). admin_sys_time.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the timezon...
How severe is CVE-2016-8585?
CVE-2016-8585 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-8585?
Check the references section above for vendor advisories and patch information. Affected products include: Trendmicro Threat Discovery Appliance.