High severity8.8NVD Advisory· Published Jan 30, 2017· Updated May 13, 2026

CVE-2016-6270

Description

The handle_certificate function in /vmi/manager/engine/management/commands/apns_worker.py in Trend Micro Virtual Mobile Infrastructure before 5.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the password to api/v1/cfg/oauth/save_identify_pfx/.

Affected products

Trend Micro/Virtual Mobile Infrastructure
cpe:2.3:a:trendmicro:virtual_mobile_infrastructure:5.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

qkaiser.github.io/pentesting/trendmicro/2016/10/08/trendmicro-vmi/nvdExploitTechnical DescriptionThird Party Advisory
www.securityfocus.com/bid/95884nvdThird Party AdvisoryVDB Entry
success.trendmicro.com/solution/1115411nvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.007
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000