CVE-2016-6603
🔴 Łataj teraz
Obejście uwierzytelnienia w ZOHO WebNMS Framework umożliwia podszywanie się pod użytkowników.
CVSS
9.8
EPSS
70.3%
Exploit
poc
Vendor
zohocorp
Opis źródłowy (NVD)
ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to bypass authentication and impersonate arbitrary users via the UserName HTTP header.
auth-bypass exploit
Brak patcha
Źródła i daty
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 9.8 |
| CISA KEV (aktywnie wykorzystywane) | Nie |
| FIRST EPSS (prawdopodobieństwo exploita) | 70.3% |
| Opublikowano (NVD) | 2017-01-23 21:59:02 UTC |
| Ostatnia modyfikacja (NVD) | 2026-05-13 00:24:29 UTC |
Referencje
- http://packetstormsecurity.com/files/138244/WebNMS-Framework-5.2-SP1-Traversal-Weak-Obfuscation-User-Impersonation.html (cve@mitre.org) [Exploit, Third Party Advisory, VDB Entry]
- http://seclists.org/fulldisclosure/2016/Aug/54 (cve@mitre.org) [Exploit, Mailing List, Third Party Advisory]
- http://www.securityfocus.com/archive/1/539159/100/0/threaded (cve@mitre.org)
- http://www.securityfocus.com/bid/92402 (cve@mitre.org) [Third Party Advisory, VDB Entry]
- https://blogs.securiteam.com/index.php/archives/2712 (cve@mitre.org) [Exploit, Technical Description, Third Party Advisory]
- https://forums.webnms.com/topic/recent-vulnerabilities-in-webnms-and-how-to-protect-the-server-against-them (cve@mitre.org)
- https://github.com/pedrib/PoC/blob/master/advisories/webnms-5.2-sp1-pwn.txt (cve@mitre.org) [Exploit, Third Party Advisory]
- https://www.exploit-db.com/exploits/40229/ (cve@mitre.org) [Exploit, Third Party Advisory, VDB Entry]