CVE-2017-14084 - A potential Man-in-the-Middle (MitM) attack vulnerability in Trend Micro OfficeScan 11.0 and XG may

CVE-2017-14084

Summary

A potential Man-in-the-Middle (MitM) attack vulnerability in Trend Micro OfficeScan 11.0 and XG may allow attackers to execute arbitrary code on vulnerable installations.

References

Vulnerable Configurations

cpe:2.3:a:trendmicro:officescan:11.0:sp1:*:*:*:*:*:*
cpe:2.3:a:trendmicro:officescan:11.0:sp1:*:*:*:*:*:*
cpe:2.3:a:trendmicro:officescan:12.0:*:*:*:*:*:*:*
cpe:2.3:a:trendmicro:officescan:12.0:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

bid	101072
bugtraq	20170928 CVE-2017-14084 Trend Micro OfficeScan v11.0 and XG (12.0)* CURL (MITM) Remote Code Execution (apparitionsec / hyp3rlinx) 20170929 Trend Micro OfficeScan v11.0 and XG (12.0)* CURL (MITM) Remote Code Execution CVE-2017-14084 (apparitionsec / hyp3rlinx)
confirm	https://success.trendmicro.com/solution/1118372
exploit-db	42891
fulldisc	20170929 Trend Micro OfficeScan v11.0 and XG (12.0)* CURL (MITM) Remote Code Execution CVE-2017-14084
misc	http://hyp3rlinx.altervista.org/advisories/CVE-2017-14084-TRENDMICRO-OFFICESCAN-XG-CURL-MITM-REMOTE-CODE-EXECUTION.txt http://packetstormsecurity.com/files/144400/TrendMicro-OfficeScan-11.0-XG-12.0-Man-In-The-Middle.html
sectrack	1039500

Last major update

03-10-2019 - 00:03

Published

06-10-2017 - 01:29

Last modified

03-10-2019 - 00:03