CVE-2016-10831 : cPanel before 55.9999.141 does not perform as two-factor authentication check wh

cPanel before 55.9999.141 does not perform as two-factor authentication check when possessing another account (SEC-101).

Published 2019-08-01 17:15:12

Updated 2019-08-12 16:11:23

Source MITRE

View at NVD, CVE.org

Vulnerability category: BypassGain privilege

Products affected by CVE-2016-10831

Cpanel » Cpanel
Versions from including (>=) 55.9999.61 and before (<) 55.9999.141
cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*
Matching versions
Cpanel » Cpanel
Versions from including (>=) 11.54.0.0 and before (<) 11.54.0.20
cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*
Matching versions

Top countries where our scanners detected CVE-2016-10831

Top open port discovered on systems with this issue 80

IPs affected by CVE-2016-10831 68

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2016-10831!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

EPSS FAQ

0.56%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 66 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.5	MEDIUM	AV:N/AC:L/Au:S/C:P/I:P/A:P	8.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
7.2	HIGH	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	1.2	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Assigned by: nvd@nist.gov (Primary)

Jump to