Vulnerability Description
The application login page in AKIPS Network Monitor 15.37 through 16.5 allows a remote unauthenticated attacker to execute arbitrary OS commands via shell metacharacters in the username parameter (a failed login attempt returns the command-injection output to a limited login failure field). This is fixed in 16.6.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Akips | Network Monitor | >= 15.37, <= 16.5 |
Related Weaknesses (CWE)
References
- https://ctrlu.net/vuln/0002.html (Exploit, Third Party Advisory)
- https://www.exploit-db.com/exploits/39564 (Exploit, Third Party Advisory, VDB Entry)
FAQ
What is CVE-2016-11017?
CVE-2016-11017 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The application login page in AKIPS Network Monitor 15.37 through 16.5 allows a remote unauthenticated attacker to execute arbitrary OS commands via shell metacharacters in the username parameter (a f...
How severe is CVE-2016-11017?
CVE-2016-11017 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2016-11017?
According to the vulnerability description, this is fixed in 16.6. Check the references section above for vendor advisories and patch information. Affected products include: Akips Network Monitor.