CVE-2016-5840

7.2HIGH

Key Information:

Vendor: Trend Micro
Status: Deep Discovery Inspector
Vendor: CVE Published:; 30 June 2016

Summary

hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, 3.8 SP1 (3.81), and 3.8 SP2 (3.82) allows remote administrators to execute arbitrary code via shell metacharacters in the filename parameter of the Content-Disposition header.

References

http://www.zerodayinitiative.com/advisories/ZDI-16-373

x_refsource_MISC

http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000103.html

third-party-advisoryx_refsource_JVNDB

http://jvn.jp/en/jp/JVN55428526/index.html

third-party-advisoryx_refsource_JVN

EPSS Score

3% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 30, 2016
Vulnerability Reserved
Jun 23, 2016