The company Trend Micro this week sent out to customers update InterScan Web Security Virtual Appliance (IWSVA) , which patches several serious vulnerabilities. A potential attacker can use some of these vulnerabilities to remotely take control of the attacked device.
The security concerns were identified by Wolfgang Ettlinger, an Austrian cybersecurity expert from SEC Consult. It is noteworthy that Ettlinger reported vulnerabilities to Trend Micro back in the summer of 2019.
Only at the end of November 2020, the developers were able to eliminate the gaps described by the researcher – with the release of the IWSVA 6.5 SP2 CP b1919 version. Despite the lengthy patching process, Ettlinger noted that Trend Micro approached the problem quite professionally.
As a reminder, Trend Micro IWSVA is a web-based gateway that helps organizations protect systems from today’s cyberthreats. At the same time, IWSVA can monitor employee Internet usage in real time.
In total, Ettlinger discovered six IWSVA vulnerabilities, including the ability to bypass protection against CSRF, XSS, bypass authentication and authorization, and the ability to inject and execute commands. Most of the flaws have received a high severity rating.
The researcher also identified three attack scenarios that exploit these holes. In one of these scenarios, the attacker will be able to remotely gain root access to the attacked device.
SEC Consult has dedicated a separate post to these security issues , where you can also find technical details of the identified vulnerabilities. SEC Consult refused to publish the exploit code.
Nevertheless, we can watch a video that demonstrates the exploitation of vulnerabilities and the corresponding attack: