CVE-2016-6267
CVE-2016-6267
Patch soon. has a working public exploit.
Vexday Risk Score
30Low
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS —EPSS 54.9%KEV nãoPoC —Nuclei —Metasploit simPatch —
Lifecycle
08 Aug 2016Metasploit module available
30 Jan 2017Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
SnmpUtils in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) spare_Community, (2) spare_AllowGroupIP, or (3) spare_AllowGroupNetmask parameter to admin_notification.php.
Affected products
n/a · n/a