Vulnerability in the Trend Micro InterScan Web Security Virtual Appliance Could Allow for Remote Code Execution

ITS Advisory Number: 2016-094
Date(s) Issued: Friday, May 20, 2016
Subject: Vulnerability in the Trend Micro InterScan Web Security Virtual Appliance Could Allow for Remote Code Execution
Overview: 

A vulnerability has been discovered in the Trend Micro InterScan Web Security Virtual Appliance (Secure web gateway) which could allow for remote code execution. Trend Micro has released new builds of the Trend Micro InterScan Web Security Virtual Appliance which resolve vulnerabilities in the product that could potentially allow a remote attacker to execute arbitrary code on vulnerable installations.

Systems Affected: 
  • IWSVA 6.5 SP2 (Build 1620)
  • IWSVA 6.0 SP1 (Build 1255)
  • IWSVA 6.0 (Build 1262)
RISK
GOVERNMENT
  • Large and medium government entities: High
  • Small government entities: High
BUSINESS
  • Large and medium business entities: High
  • Small business entities: High
Home Users: Low
Description: 

A vulnerability has been discovered in the Trend Micro InterScan Web Security Virtual Appliance which could allow for remote code execution. Trend Micro has released new builds of the Trend Micro InterScan Web Security Virtual Appliance which resolve vulnerabilities in the product that could potentially allow a remote attacker to execute arbitrary code on vulnerable installations. This update resolves some vulnerabilities in the Trend Micro InterScan Web Security Virtual Appliance in which a remote attacker could potentially attain code execution under the context of either the current process or root. Customers are highly encouraged to update to the latest build as soon as possible. Remote code execution generally requires that an attacker has access (physical or remote) to a vulnerable machine. In addition to timely application of patches and updated solutions, customers are also advised to review access to critical systems and ensure that policies and perimeter security are up to date.

Actions: 
  • After appropriate testing, apply appropriate patches provided by Trend Micro to vulnerable systems.

  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.

  • Review access to critical systems and ensure that policies and perimeter security are up to date.