8.8

CVE-2017-14079

Unrestricted file uploads in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
TrendmicroMobile Security Version9.7 SwEditionenterprise
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 10.93% 0.953
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 6.5 8 6.4
AV:N/AC:L/Au:S/C:P/I:P/A:P
CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://success.trendmicro.com/solution/1118224
Patch
Vendor Advisory
Mitigation
http://www.securityfocus.com/bid/100970
Third Party Advisory
VDB Entry
http://www.zerodayinitiative.com/advisories/ZDI-17-785
Third Party Advisory
VDB Entry
http://www.zerodayinitiative.com/advisories/ZDI-17-789
Third Party Advisory
VDB Entry
http://www.zerodayinitiative.com/advisories/ZDI-17-790
Third Party Advisory
VDB Entry
http://www.zerodayinitiative.com/advisories/ZDI-17-807
Third Party Advisory
VDB Entry