Vulnerability Details : CVE-2016-6603
ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to bypass authentication and impersonate arbitrary users via the UserName HTTP header.
Vulnerability category: Input validation
Products affected by CVE-2016-6603
- cpe:2.3:a:zohocorp:webnms_framework:5.2:sp1:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:webnms_framework:5.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-6603
- 41.49%: Probability of exploitation activity in the next 30 days
- ~ 97%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-6603
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N | 10.0 | 2.9 | NIST | |
9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2016-6603
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-6603
- http://www.securityfocus.com/archive/1/539159/100/0/threaded
  SecurityFocus
- https://forums.webnms.com/topic/recent-vulnerabilities-in-webnms-and-how-to-protect-the-server-against-them
  Recent Vulnerabilities in WebNMS and how to protect the server against them - WebNMS Developer Forums
- http://packetstormsecurity.com/files/138244/WebNMS-Framework-5.2-SP1-Traversal-Weak-Obfuscation-User-Impersonation.html
  WebNMS Framework 5.2 SP1 Traversal / Weak Obfuscation / User Impersonation ≈ Packet Storm (Exploit; Third Party Advisory; VDB Entry)
- http://www.securityfocus.com/bid/92402
  WebNMS Framework Multiple Security Vulnerabilities (Third Party Advisory; VDB Entry)
- http://seclists.org/fulldisclosure/2016/Aug/54
  Full Disclosure: [CVE-2016-6600/1/2/3]: Multiple vulnerabilities (RCE, file download, etc) in WebNMS Framework 5.2 / 5.2 SP1 (Exploit; Mailing List; Third Party Advisory)
- https://github.com/pedrib/PoC/blob/master/advisories/webnms-5.2-sp1-pwn.txt
  PoC/webnms-5.2-sp1-pwn.txt at master · pedrib/PoC · GitHub (Exploit; Third Party Advisory)
- https://blogs.securiteam.com/index.php/archives/2712
  SSD Advisory - WebNMS Framework Server Multiple Vulnerabilities - SSD Secure Disclosure (Exploit; Technical Description; Third Party Advisory)
- https://www.exploit-db.com/exploits/40229/
  WebNMS Framework Server 5.2/5.2 SP1 - Multiple Vulnerabilities (Exploit; Third Party Advisory; VDB Entry)