Vulnerability Details : CVE-2016-6602
Public exploit exists!
ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm to store passwords, which allows context-dependent attackers to obtain cleartext passwords by leveraging access to WEB-INF/conf/securitydbData.xml. NOTE: this issue can be combined with CVE-2016-6601 for a remote exploit.
Products affected by CVE-2016-6602
- cpe:2.3:a:zohocorp:webnms_framework:5.2:sp1:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:webnms_framework:5.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-6602
1.20%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 85 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2016-6602
-
WebNMS Framework Server Credential Disclosure
Disclosure Date: 2016-07-04First seen: 2020-04-26auxiliary/admin/http/webnms_cred_disclosureThis module abuses two vulnerabilities in WebNMS Framework Server 5.2 to extract all user credentials. The first vulnerability is an unauthenticated file download in the FetchFile servlet, which is used to download the file containing the user credentials. Th
CVSS scores for CVE-2016-6602
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST | |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2016-6602
-
The product uses a broken or risky cryptographic algorithm or protocol.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-6602
-
http://www.securityfocus.com/archive/1/539159/100/0/threaded
SecurityFocus
-
http://www.rapid7.com/db/modules/auxiliary/admin/http/webnms_cred_disclosure
WebNMS Framework Server Credential DisclosureThird Party Advisory
-
https://forums.webnms.com/topic/recent-vulnerabilities-in-webnms-and-how-to-protect-the-server-against-them
Recent Vulnerabilities in WebNMS and how to protect the server against them - WebNMS Developer Forums
-
http://packetstormsecurity.com/files/138244/WebNMS-Framework-5.2-SP1-Traversal-Weak-Obfuscation-User-Impersonation.html
WebNMS Framework 5.2 SP1 Traversal / Weak Obfuscation / User Impersonation ≈ Packet StormExploit;Third Party Advisory
-
http://www.securityfocus.com/bid/92402
WebNMS Framework Multiple Security VulnerabilitiesThird Party Advisory;VDB Entry
-
http://seclists.org/fulldisclosure/2016/Aug/54
Full Disclosure: [CVE-2016-6600/1/2/3]: Multiple vulnerabilities (RCE, file download, etc) in WebNMS Framework 5.2 / 5.2 SP1Exploit;Mailing List
-
https://github.com/pedrib/PoC/blob/master/advisories/webnms-5.2-sp1-pwn.txt
PoC/webnms-5.2-sp1-pwn.txt at master · pedrib/PoC · GitHubExploit
-
https://blogs.securiteam.com/index.php/archives/2712
SSD Advisory - WebNMS Framework Server Multiple Vulnerabilities - SSD Secure DisclosureExploit;Technical Description;Third Party Advisory
-
https://www.exploit-db.com/exploits/40229/
WebNMS Framework Server 5.2/5.2 SP1 - Multiple VulnerabilitiesExploit;Third Party Advisory
Jump to