An attacker could leverage this vulnerability to upload a malicious file that could lead to remote code execution. Trend Micro recommends caution when accepting file uploads, and closely monitoring the source of files. Moreover, Trend Micro encourages users to be careful when uploading sensitive data to external sources. Trend Micro encourages all users to apply the below guidelines when handling file uploads: Do not blindly accept file uploads. Instead, upload only authorized files.
Ensure that the source of the file is trusted.
Keep track of which files are being uploaded.
Vulnerability Details
A vulnerability was discovered in Trend Micro's enterprise security solution, Trend Micro™ Deep Discovery Inspector. An attacker could leverage this vulnerability to upload a malicious file that could lead to remote code execution.
This vulnerability is a privilege escalation issue which allows an attacker to exploit and take over the host by uploading a malicious HTML document.
Vulnerability Details:
This vulnerability has been assigned the CVE-2022-26871 identifier.
The vulnerability lies in a way that Trend Micro products handle uploading of files to web-based repositories, such as FTP and SFTP servers. A remote code execution vulnerability exists because an attacker can upload a malicious file and then execute the file with administrator privilege.
Vulnerability overview
A vulnerability in Trend Micro’s File Uploader allows an attacker to exploit a remote code execution vulnerability by uploading a malicious file. The first step in exploiting this vulnerability is for the hacker to upload a malicious file, which will trigger an attack that overwrites system files. Once the overwrite has been successful, the victim user will lose control of their machine, allowing the hacker to gain access and execute commands on their system.
Trend Micro recommends caution when accepting file uploads.
Vulnerability details
A vulnerability exists in Trend Micro's Web Intelligence Tool.
This vulnerability could allow for remote code execution on a vulnerable system as the tool does not verify that the uploaded file is legitimate.
Trend Micro recommends caution when accepting file uploads, and closely monitoring the source of files. Additionally, Trend Micro urges users to be careful when uploading sensitive data to external sources.
Trend Micro encourages all users to apply the below guidelines when handling file uploads:
Timeline
Published on: 03/29/2022 21:15:00 UTC
Last modified on: 04/08/2022 13:51:00 UTC
References
- https://success.trendmicro.com/solution/000290678
- https://success.trendmicro.com/jp/solution/000290660
- https://appweb.trendmicro.com/supportNews/NewsDetail.aspx?id=4435
- https://jvn.jp/vu/JVNVU99107357
- https://www.jpcert.or.jp/english/at/2022/at220008.html
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-26871