Arbitrary Code Execution in Trend Micro Threat Discovery Appliance via admin_sys_time.cgi

CVE-2016-8585 · HIGH Severity

AV:N/AC:L/AU:S/C:C/I:C/A:C

admin_sys_time.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the timezone parameter.

Learn more about our User Device Pen Test.