CVE-2016-6601
Published on: 01/23/2017 12:00:00 AM UTC
Last Modified on: 03/23/2021 11:27:11 PM UTC
Certain versions of Webnms Framework from Zohocorp contain the following vulnerability:
Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile.
- CVE-2016-6601 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.
CVSS3 Score: 7.5 - HIGH
Attack Vector | Attack Complexity | Privileges Required | User Interaction |
---|---|---|---|
NETWORK | LOW | NONE | NONE |

Scope | Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|---|
UNCHANGED | HIGH | NONE | NONE |
CVSS2 Score: 5 - MEDIUM
Access Vector | Access Complexity | Authentication |
---|---|---|
NETWORK | LOW | NONE |

Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|
PARTIAL | NONE | NONE |
CVE References
Description | Tags | Link |
---|---|---|
WebNMS Framework 5.2 SP1 Traversal / Weak Obfuscation / User Impersonation ≈ Packet Storm | Exploit Third Party Advisory | packetstormsecurity.com text/html |
WebNMS Framework Server 5.2 / 5.2 SP1 - Multiple Vulnerabilities | Exploit Third Party Advisory | www.exploit-db.com Proof of Concept text/html |
CVE-2016-6601 WebNMS Framework Server Arbitrary Text File Download \| Rapid7 | Third Party Advisory | www.rapid7.com text/html |
Full Disclosure: [CVE-2016-6600/1/2/3]: Multiple vulnerabilities (RCE, file download, etc) in WebNMS Framework 5.2 / 5.2 SP1 | Exploit Mailing List | seclists.org text/html |
Recent Vulnerabilities in WebNMS and how to protect the server against them - WebNMS Developer Forums | | forums.webnms.com text/html |
CVE-2016-6601 WebNMS Framework Server Credential Disclosure \| Rapid7 | Third Party Advisory | www.rapid7.com text/html |
SSD Advisory – Multiple Vulnerabilities in WebNMS Framework Server \| SecuriTeam Blogs | Exploit Technical Description Third Party Advisory | web.archive.org text/html Inactive Link Not Archived |
WebNMS Framework Multiple Security Vulnerabilities | Third Party Advisory VDB Entry | cve.report (archive) text/html |
PoC/webnms-5.2-sp1-pwn.txt at master · pedrib/PoC · GitHub | Exploit | github.com text/html |
SecurityFocus | | www.securityfocus.com text/html |
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Zohocorp | Webnms Framework | 5.2 | All | All | All |
Application | Zohocorp | Webnms Framework | 5.2 | sp1 | All | All |
- cpe:2.3:a:zohocorp:webnms_framework:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:webnms_framework:5.2:sp1:*:*:*:*:*:*
No vendor comments have been submitted for this CVE