CyberSec.Space Logo
Back to CVE Browser

CVE-2020-8465

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1230%
EPSS Percentile7.73th
PublishedDec 17, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to manipulate system updates using a combination of CSRF bypass (CVE-2020-8461) and authentication bypass (CVE-2020-8464) to execute code as user root.

Affected Platforms (CPE)

πŸ“¦
Trendmicro

Interscan Web Security Virtual Appliance

= 6.5

References & Advisories

πŸ”— https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-trend-micro-interscan-web-security-virtual-appliance/
πŸ”— https://success.trendmicro.com/solution/000283077
πŸ”— https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-trend-micro-interscan-web-security-virtual-appliance/
πŸ”— https://success.trendmicro.com/solution/000283077

Related Vulnerabilities

CVE-2016-92699.9

Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches in Trend Micro Interscan Web Security Virtual Appliance (IWSV...

CVE-2020-86069.8

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to bypass authentication on...

CVE-2020-285789.8

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unauthenticated, remote attacker to...

CVE-2020-84669.8

A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, with the improved password hash...