Number: AV17-057
Date: 20 April 2017
Purpose
The purpose of this advisory is to bring attention to a vulnerability in Trend Micro’s Threat Discovery Appliance.
Assessment
The Trend Micro Threat Discovery Appliance 2.6.1062r1 is prone to a directory traversal vulnerability in its processing of the session_id cookie, which could allow a remote, unauthenticated user to delete arbitrary files with root privileges. This could be used to bypass authentication or cause a denial of service (DoS).
CVE Reference: CVE-2016-7552
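A detection check for the condition described in the assessment, as an added example that is not part of the CCIRC advisory or the vendor's code: it flags requests whose session_id cookie contains path syntax once percent-encoding is removed. The record layout, sample values and function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Sequences that have no place in a session identifier that ends up in a
# file path: parent-directory references, path separators, NUL bytes.
_SUSPICIOUS = re.compile(r"\.\.|[/\\\x00]")
_MAX_DECODE_ROUNDS = 3  # catches double- and triple-encoded input


def session_ids(cookie_header):
    """Yield every session_id value found in a raw Cookie header."""
    for part in cookie_header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep and name.strip().lower() == "session_id":
            yield value.strip().strip('"')


def fully_decoded(value):
    """Percent-decode repeatedly until the value stops changing."""
    for _ in range(_MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_traversal_attempt(cookie_header):
    """True if any session_id in the header carries path syntax."""
    return any(_SUSPICIOUS.search(fully_decoded(v))
               for v in session_ids(cookie_header))


def flag_requests(records):
    """Return the (source, cookie) pairs whose session_id looks like a path."""
    return [(src, cookie) for src, cookie in records
            if is_traversal_attempt(cookie)]


# Constructed sample records (source address, Cookie header); not real traffic.
SAMPLE = [
    ("192.0.2.10", "session_id=3f9a1c77b2e04d5a; lang=en"),
    ("192.0.2.44", "lang=en; session_id=../../tmp/placeholder"),
    ("192.0.2.45", "session_id=%2e%2e%2ftmp%2fplaceholder"),
    ("192.0.2.46", "session_id=%252e%252e%252ftmp%252fplaceholder"),
    ("192.0.2.11", "theme=../dark; session_id=a81b44c0"),
]

if __name__ == "__main__":
    for src, cookie in flag_requests(SAMPLE):
        print(f"ALERT {src}: {cookie}")
```

Only the session_id cookie is inspected, so the last sample record, which carries path syntax in an unrelated cookie, is not flagged.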
Suggested Action
CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.
References:
http://www.securityfocus.com/bid/97599
http://www.cvedetails.com/cve/CVE-2016-7552/