PatchSiren

PatchSiren cyber security CVE debrief

CVE-2016-9315 Trendmicro CVE debrief

CVE-2016-9315 is a high-severity privilege-escalation issue in Trend Micro InterScan Web Security Virtual Appliance (IWSVA). According to the CVE record, an authenticated remote user with least privileges could change the Master Admin password and/or add new administrator accounts. NVD lists the vulnerable range as IWSVA version 6.5 and earlier, and Trend Micro’s referenced fix is Version 6.5 CP 1737.

Vendor
Trendmicro
Product
CVE-2016-9315
CVSS
HIGH 8.8
CISA KEV
Not listed in stored evidence
Original CVE published
2017-02-21
Original CVE updated
2026-05-13
Advisory published
2017-02-21
Advisory updated
2026-05-13

Who should care

Organizations running Trend Micro IWSVA, especially administrators responsible for appliance management, access control, and incident response. This matters most where low-privilege authenticated accounts exist or where the appliance is exposed to remote management.

Technical summary

The NVD entry classifies the issue as a network-reachable, low-complexity, authenticated privilege-escalation vulnerability with no user interaction required (CVSS 3.0 vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). The affected component is com.trend.iwss.gui.servlet.updateaccountadministration. In practice, a least-privilege authenticated user could improperly gain administrative control by changing the Master Admin password and/or creating additional admin accounts. The CVE record maps this to CWE-264 and references Trend Micro’s fix in IWSVA 6.5 CP 1737.

Defensive priority

High priority. The issue enables direct administrative takeover from an authenticated low-privilege foothold, which can rapidly expand access and impact security controls, traffic inspection, and appliance trust.

Recommended defensive actions

  • Verify whether any Trend Micro IWSVA instances are at version 6.5-SP2_Build_Linux_1707 or earlier.
  • Apply Trend Micro IWSVA 6.5 CP 1737 or later, per the referenced vendor remediation.
  • Review appliance accounts for unexpected administrator creation or password changes, especially around the vulnerable servlet path.
  • Audit authentication logs and administrative change logs for low-privilege accounts performing privileged actions.
  • Restrict management access to trusted administrative networks and review least-privilege account assignments.
  • If patching is delayed, increase monitoring on account-administration actions and consider temporary access restrictions for non-admin users.

Evidence notes

The debrief is based on the supplied CVE record and NVD metadata only. The record states that authenticated remote least-privilege users could change the Master Admin password and/or add admin accounts, and that the issue was resolved in Version 6.5 CP 1737. NVD lists the affected CPE as Trend Micro InterScan Web Security Virtual Appliance with versions up to and including 6.5, and provides the CVSS 3.0 vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The referenced sources include the official Trend Micro solution page.

Official resources

Publicly disclosed in the CVE record on 2017-02-21. The NVD entry was later modified on 2026-05-13; that date reflects record maintenance, not the vulnerability’s original issue date.