PT-2016-3267 · Console Io · Console-Io

Published: 2016-04-19 · Updated: 2019-02-18 · CVE-2016-10532

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

console-io versions 2.2.13 and earlier

Description

The issue is related to a lack of proper authentication configuration in the console-io module, allowing a malicious user to bypass authentication and execute commands on the system. This could lead to full system access if the console-io application is run from a privileged account. The vulnerability is due to the console-io application not requiring authentication for socket.io connections, enabling malicious users to send commands and receive responses via a websocket.

Recommendations

Update to version 2.3.0 or later. As a temporary workaround, consider disabling the websocket connection to the console-io application until a patch is available.
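
To check whether a project still resolves an affected release, the following added example (not part of the original advisory or of console-io) scans a parsed npm lockfile for console-io and flags versions below 2.3.0. The function names and the sample lockfiles are constructed for illustration; it handles both the nested `dependencies` layout and the flat `packages` layout of npm lockfiles.

```javascript
// Added example, not console-io code: find console-io entries in an npm lockfile
// and flag versions below the fixed release named in the advisory.
const PACKAGE = 'console-io';
const FIXED = [2, 3, 0]; // 2.3.0, first fixed version per the advisory

// Parse "major.minor.patch"; any pre-release or build suffix is ignored.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// True for versions below 2.3.0. Unparseable versions (git URLs, tags) are
// reported as affected so that they get a manual review.
function isAffected(version) {
  const parsed = parseVersion(version);
  if (!parsed) return true;
  for (let i = 0; i < 3; i++) {
    if (parsed[i] !== FIXED[i]) return parsed[i] < FIXED[i];
  }
  return false; // exactly 2.3.0
}

// Returns [{ path, version, affected }] for every console-io copy in the lockfile.
function findConsoleIo(lock) {
  const hits = [];
  const record = (path, meta) =>
    hits.push({ path, version: meta.version, affected: isAffected(meta.version) });
  if (lock.packages) { // lockfileVersion 2/3: flat map keyed by install path
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === `node_modules/${PACKAGE}` || path.endsWith(`/node_modules/${PACKAGE}`)) {
        record(path, meta);
      }
    }
    return hits;
  }
  const walk = (deps, prefix) => { // lockfileVersion 1: nested dependency tree
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === PACKAGE) record(path, meta);
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, '');
  return hits;
}

// Constructed sample lockfiles (not taken from any real project).
const sampleV1 = { lockfileVersion: 1, dependencies: { 'dev-tools': { version: '1.0.0',
  dependencies: { 'console-io': { version: '2.2.13' } } } } };
const sampleV3 = { lockfileVersion: 3, packages: { '': { name: 'app' },
  'node_modules/console-io': { version: '2.3.0' } } };
console.log(findConsoleIo(sampleV1), findConsoleIo(sampleV3));
```

In practice, pass it the result of `JSON.parse` on the project's `package-lock.json`; transitive copies are reported with their install path so the parent dependency can be identified.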

Fix

Weakness Enumeration

Improper Authentication

Related identifiers

BDU:2018-00919
CVE-2016-10532
GHSA-Q52J-4Q2Q-HCJ6

Affected products

Console-Io