What is CVE-2016-6267?

CVE-2016-6267 is a high-severity vulnerability in Trendmicro Smart_protection_server, classified under Improper Input Validation. CVSS score: 8.8/10. Published 2017-01-30.

How severe is CVE-2016-6267?

High severity. CVSS v3 base score is 8.8 out of 10.

Is CVE-2016-6267 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Improper input validation in Trendmicro Smart_protection_server

CVE-2016-6267

SnmpUtils in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) spare_Community, (…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.725 (98.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Trendmicro Smart_protection_server — versions 2.5, 2.6, 3.0
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

Public proof-of-concept exploits

rapid7/metasploit-framework

References

cve@mitre.org (Technical Description, Exploit, Third Party Advisory, x_refsource_MISC)
cve@mitre.org (x_refsource_CONFIRM, Patch, Mitigation, Vendor Advisory)

Frequently asked questions

What is CVE-2016-6267?: CVE-2016-6267 is a high-severity vulnerability in Trendmicro Smart_protection_server, classified under Improper Input Validation. CVSS score: 8.8/10. Published 2017-01-30.
How severe is CVE-2016-6267?: High severity. CVSS v3 base score is 8.8 out of 10.
Is CVE-2016-6267 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.