CVE-2017-6339

Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 mismanages certain key and certificate data. Per IWSVA documentation, by default, IWSVA acts as a private Certificate Authority (CA) and dynamically generates digital certificates that are sent to client browsers to complete a secure passage for HTTPS connections. It also allows administrators to upload their own certificates signed by a root CA. An attacker with low privileges can download the current CA certificate and Private Key (either the default ones or ones uploaded by administrators) and use those to decrypt HTTPS traffic, thus compromising confidentiality. Also, the default Private Key on this appliance is encrypted with a very weak passphrase. If an appliance uses the default Certificate and Private Key provided by Trend Micro, an attacker can simply download these and decrypt the Private Key using the default/weak passphrase.

CVSS v3 6.5 MEDIUM
CVSS v2.0 4.0 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector : AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/97492	Third Party Advisory VDB Entry
https://success.trendmicro.com/solution/1116960	Patch Vendor Advisory
https://www.qualys.com/2017/01/12/qsa-2017-01-12/qsa-2017-01-12.pdf	Exploit Technical Description Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:trendmicro:interscan_web_security_virtual_appliance:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-04-05 16:59

Updated : 2024-02-04 19:11

NVD link : CVE-2017-6339

Mitre link : CVE-2017-6339

CVE.ORG link : CVE-2017-6339

JSON object : View

Products Affected

trendmicro

interscan_web_security_virtual_appliance

CWE

CWE-269

Improper Privilege Management

CWE-521

Weak Password Requirements

{"id": "CVE-2017-6339", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": true, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2017-04-05T16:59:00.223", "references": [{"url": "http://www.securityfocus.com/bid/97492", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://success.trendmicro.com/solution/1116960", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.qualys.com/2017/01/12/qsa-2017-01-12/qsa-2017-01-12.pdf", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-269"}, {"lang": "en", "value": "CWE-521"}]}], "descriptions": [{"lang": "en", "value": "Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 mismanages certain key and certificate data. Per IWSVA documentation, by default, IWSVA acts as a private Certificate Authority (CA) and dynamically generates digital certificates that are sent to client browsers to complete a secure passage for HTTPS connections. It also allows administrators to upload their own certificates signed by a root CA. An attacker with low privileges can download the current CA certificate and Private Key (either the default ones or ones uploaded by administrators) and use those to decrypt HTTPS traffic, thus compromising confidentiality. Also, the default Private Key on this appliance is encrypted with a very weak passphrase. If an appliance uses the default Certificate and Private Key provided by Trend Micro, an attacker can simply download these and decrypt the Private Key using the default/weak passphrase."}, {"lang": "es", "value": "El dispositivo virtual de InterScan Web Security de Trend Micro (IWSVA) 6.5 en versiones anteriores a CP 1746 maneja mal ciertos datos de clave y certificado. Por IWSVA, por defecto, IWSVA act\u00faa como una entidad de certificaci\u00f3n privada (CA) y genera din\u00e1micamente certificados digitales que se env\u00edan a los navegadores de cliente para completar un paso seguro para conexiones HTTPS. Tambi\u00e9n permite a los administradores cargar sus propios certificados firmados por una root CA. Un atacante con privilegios bajos puede descargar el certificado actual de la CA y la clave privada (ya sea los predeterminados o los subidos por los administradores) y utilizarlos para descifrar el tr\u00e1fico HTTPS, comprometiendo as\u00ed la confidencialidad. Adem\u00e1s, la clave privada predeterminada de este dispositivo se cifra con una contrase\u00f1a muy d\u00e9bil. Si un dispositivo utiliza el certificado predeterminado y la clave privada proporcionada por Trend Micro, un atacante puede simplemente descargarlos y descifrar la clave privada usando la contrase\u00f1a predeterminada/d\u00e9bil."}], "lastModified": "2019-10-03T00:03:26.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:trendmicro:interscan_web_security_virtual_appliance:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "13E40CEF-289B-4946-AFAD-D247C5EEE20C", "versionEndIncluding": "6.5"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}