What is CVE-2017-11395?

CVE-2017-11395 is a high-severity vulnerability in Trend Micro Smart Protection Server (Standalone), classified under OS Command Injection. CVSS score: 8.8/10. Published 2017-09-22.

How severe is CVE-2017-11395?

High severity. CVSS v3 base score is 8.8 out of 10.

RCE in Trend Micro Smart Protection Server (Standalone)

CVE-2017-11395

Command injection vulnerability in Trend Micro Smart Protection Server (Standalone) 3.1 and 3.2 server administration UI allows attackers with authenticated access to execute arbitrary code on vulnerable installations.

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.079 (92.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Trend Micro Smart Protection Server (Standalone) — versions 3.2, 3.1
Trendmicro Smart_protection_server — versions 3.1, 3.2

Weakness classification (CWE)

CWE-78 — OS Command Injection

References

security@trendmicro.com (Exploit, Third Party Advisory, x_refsource_MISC)
security@trendmicro.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
security@trendmicro.com (x_refsource_CONFIRM, Patch, Mitigation, Vendor Advisory)

Frequently asked questions

What is CVE-2017-11395?: CVE-2017-11395 is a high-severity vulnerability in Trend Micro Smart Protection Server (Standalone), classified under OS Command Injection. CVSS score: 8.8/10. Published 2017-09-22.
How severe is CVE-2017-11395?: High severity. CVSS v3 base score is 8.8 out of 10.