PatchSiren cyber security CVE debrief
CVE-2016-6270 Trendmicro CVE debrief
CVE-2016-6270 is a high-severity authenticated command-injection issue in Trend Micro Virtual Mobile Infrastructure (VMI) before 5.1. According to the CVE description, the handle_certificate function in /vmi/manager/engine/management/commands/apns_worker.py can be abused through shell metacharacters in the password supplied to api/v1/cfg/oauth/save_identify_pfx/, enabling arbitrary command execution by a remote authenticated user.
- Vendor: Trendmicro
- Product: CVE-2016-6270
- CVSS: HIGH 8.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2017-01-30
- Original CVE updated: 2026-05-13
- Advisory published: 2017-01-30
- Advisory updated: 2026-05-13
Who should care
Administrators and security teams responsible for Trend Micro Virtual Mobile Infrastructure, especially systems exposing the affected API or management functions, should treat this as a priority. Identity, API, and platform owners should also review access controls and patch status.
Technical summary
The issue is a shell-command injection problem (CWE-77) in VMI's handle_certificate workflow. NVD maps the affected product as Trend Micro Virtual Mobile Infrastructure 5.0 and assigns CVSS 3.1 vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (8.8). The published description states that a remote authenticated user can achieve arbitrary command execution by supplying shell metacharacters in the password parameter used by api/v1/cfg/oauth/save_identify_pfx/.
Defensive priority
High. The vulnerability is remotely reachable, requires only low privileges, and can result in full confidentiality, integrity, and availability impact on the affected appliance or service.
Recommended defensive actions
- Upgrade Trend Micro Virtual Mobile Infrastructure to version 5.1 or later, consistent with the published affected-version boundary.
- Restrict access to the affected management/API interface to trusted administrative networks only.
- Review authentication and authorization controls around the certificate import and OAuth configuration workflow.
- Search logs and audit trails for unusual requests to api/v1/cfg/oauth/save_identify_pfx/ and related management commands.
- Rotate credentials and certificates if there is any indication the affected function was misused.
- Validate and sanitize all user-controlled inputs that reach shell execution paths, and remove shell invocation where possible.
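One way to apply the last recommendation, shown as an added example (it is not Trend Micro's code and does not come from the CVE record): the certificate password reaches the child process through an argument list and an environment variable, so no shell ever parses it. The `PFX_PASSWORD` variable name, the file paths and the function names are assumptions made for this example, and a Python child process stands in for openssl so the block runs offline.

```python
import os
import subprocess
import sys

PASS_ENV = "PFX_PASSWORD"  # hypothetical variable name chosen for this example


def openssl_argv(pfx_path, pem_path):
    """Build the openssl call as a list; the password never enters argv."""
    return ["openssl", "pkcs12", "-in", pfx_path, "-out", pem_path,
            "-nodes", "-passin", "env:" + PASS_ENV]


def run_no_shell(argv, password, timeout=30):
    """Run argv directly (no /bin/sh) and hand the password over through the
    child's environment, so metacharacters are never interpreted."""
    if "\x00" in password:
        raise ValueError("NUL byte not allowed in password")
    env = dict(os.environ, **{PASS_ENV: password})
    return subprocess.run(argv, env=env, shell=False, capture_output=True,
                          text=True, timeout=timeout, check=False)


def echo_password_via_child(password):
    """Stand-in for openssl: a child process that writes back the password
    it received, to show the value arrives byte-for-byte unchanged."""
    child = [sys.executable, "-c",
             "import os,sys; sys.stdout.write(os.environ[%r])" % PASS_ENV]
    return run_no_shell(child, password).stdout


if __name__ == "__main__":
    # Constructed sample input containing shell metacharacters.
    sample = "pa$$w0rd; `x` | $(y) && z"
    assert echo_password_via_child(sample) == sample
    print(openssl_argv("/tmp/upload.pfx", "/tmp/out.pem"))
```

On Linux a process environment is still readable by the same user and by root, so the service account running this call should be tightly scoped.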
Evidence notes
The CVE description explicitly names the vulnerable function, file path, endpoint, and the shell-metacharacter condition. NVD lists the weakness as CWE-77 and provides a high-severity CVSS 3.1 vector. The supplied NVD metadata also marks Trend Micro Virtual Mobile Infrastructure 5.0 as vulnerable, while the description states the issue affects versions before 5.1. References include the vendor advisory and a technical third-party write-up, but no KEV entry was supplied in the corpus.
Official resources
- CVE-2016-6270 CVE record (CVE.org)
- CVE-2016-6270 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference: Third Party Advisory, VDB Entry
- Mitigation or vendor reference: Exploit, Technical Description, Third Party Advisory
- Mitigation or vendor reference: Vendor Advisory
Publicly disclosed and recorded on 2017-01-30; the supplied NVD record was last modified on 2026-05-13. No CISA KEV listing was supplied.