CVE-2017-6339 — MEDIUM (6.5)

Q: How severe is CVE-2017-6339?

CVE-2017-6339 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2017-6339?

Check the references section above for vendor advisories and patch information. Affected products include: Trendmicro Interscan Web Security Virtual Appliance.

Vulnerability Description

Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 mismanages certain key and certificate data. Per IWSVA documentation, by default, IWSVA acts as a private Certificate Authority (CA) and dynamically generates digital certificates that are sent to client browsers to complete a secure passage for HTTPS connections. It also allows administrators to upload their own certificates signed by a root CA. An attacker with low privileges can download the current CA certificate and Private Key (either the default ones or ones uploaded by administrators) and use those to decrypt HTTPS traffic, thus compromising confidentiality. Also, the default Private Key on this appliance is encrypted with a very weak passphrase. If an appliance uses the default Certificate and Private Key provided by Trend Micro, an attacker can simply download these and decrypt the Private Key using the default/weak passphrase.

CVSS Score

6.5

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Trendmicro	Interscan Web Security Virtual Appliance	<= 6.5

Related Weaknesses (CWE)

CWE-521 CWE-269

References

http://www.securityfocus.com/bid/97492Third Party AdvisoryVDB Entry
https://success.trendmicro.com/solution/1116960PatchVendor Advisory
https://www.qualys.com/2017/01/12/qsa-2017-01-12/qsa-2017-01-12.pdfExploitTechnical DescriptionThird Party Advisory
http://www.securityfocus.com/bid/97492Third Party AdvisoryVDB Entry
https://success.trendmicro.com/solution/1116960PatchVendor Advisory
https://www.qualys.com/2017/01/12/qsa-2017-01-12/qsa-2017-01-12.pdfExploitTechnical DescriptionThird Party Advisory

FAQ

What is CVE-2017-6339?

CVE-2017-6339 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 mismanages certain key and certificate data. Per IWSVA documentation, by default, IWSVA acts as a private Certificate Au...

How severe is CVE-2017-6339?

CVE-2017-6339 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-6339?

Check the references section above for vendor advisories and patch information. Affected products include: Trendmicro Interscan Web Security Virtual Appliance.