CVE-2017-14084

8.1 HIGH

Published: October 06, 2017 Modified: May 13, 2026

Description

A potential Man-in-the-Middle (MitM) attack vulnerability in Trend Micro OfficeScan 11.0 and XG may allow attackers to execute arbitrary code on vulnerable installations.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://hyp3rlinx.altervista.org/advisories/CVE-2017-14084-TRENDMICRO-OFFICESCAN-XG-CURL-MITM-REMOTE-CODE-EXECUTION.txt

Source: security@trendmicro.com

Third Party Advisory

http://packetstormsecurity.com/files/144400/TrendMicro-OfficeScan-11.0-XG-12.0-Man-In-The-Middle.html

Source: security@trendmicro.com

Third Party Advisory VDB Entry

http://seclists.org/fulldisclosure/2017/Sep/87

Source: security@trendmicro.com

Mailing List Third Party Advisory

http://www.securityfocus.com/archive/1/541264/100/0/threaded

Source: security@trendmicro.com

http://www.securityfocus.com/archive/1/541275/100/0/threaded

Source: security@trendmicro.com

http://www.securityfocus.com/bid/101072

Source: security@trendmicro.com

Third Party Advisory VDB Entry

http://www.securitytracker.com/id/1039500

Source: security@trendmicro.com

Third Party Advisory VDB Entry

https://success.trendmicro.com/solution/1118372

Source: security@trendmicro.com

Issue Tracking Mitigation Patch Vendor Advisory

https://www.exploit-db.com/exploits/42891/

Source: security@trendmicro.com

Third Party Advisory VDB Entry

http://hyp3rlinx.altervista.org/advisories/CVE-2017-14084-TRENDMICRO-OFFICESCAN-XG-CURL-MITM-REMOTE-CODE-EXECUTION.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://packetstormsecurity.com/files/144400/TrendMicro-OfficeScan-11.0-XG-12.0-Man-In-The-Middle.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory VDB Entry

http://seclists.org/fulldisclosure/2017/Sep/87

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List Third Party Advisory

http://www.securityfocus.com/archive/1/541264/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/541275/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/101072

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory VDB Entry

http://www.securitytracker.com/id/1039500

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory VDB Entry

https://success.trendmicro.com/solution/1118372

Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking Mitigation Patch Vendor Advisory

https://www.exploit-db.com/exploits/42891/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory VDB Entry

18 reference(s) from NVD

Quick Stats

CVSS v3 Score

8.1 / 10.0

EPSS (Exploit Probability)

10.1%

95th percentile

Exploitation Status

Not in CISA KEV

Affected Vendors

trendmicro