← back
CVE-2017-14095

CVE-2017-14095

EPSS 12.7%CWE-98
In short

Trend Micro Smart Protection Server versions 3.2 and below have a flaw that allows attackers to run commands remotely on the affected system by exploiting a file inclusion weakness. This can give an attacker full control over the server.

Technical detail

A local file inclusion (LFI) vulnerability in Trend Micro Smart Protection Server ≤3.2 enables remote command execution (RCE) when an attacker manipulates file paths to include and execute malicious code. The attack requires network access to the vulnerable application endpoint.

Summary generated and translated by AI from the official description.
A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a local file inclusion on a vulnerable system.
Affected products
Trend Micro · Trend Micro Smart Protection Server (Standalone)
public PoCs found2
cve_referencewww.exploit-db.com/exploits/43388/unverifiedexploitdbwww.exploit-db.com/exploits/43388unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://success.trendmicro.com/solution/1118992https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilitieshttps://www.exploit-db.com/exploits/43388/http://www.securityfocus.com/bid/102275