CVE-2016-10593

Name of the Vulnerable Software and Affected Versions ibapi versions prior to 2.5.6

Description The issue allows for potential remote code execution (RCE) due to the insecure download of binary resources over HTTP, making it susceptible to man-in-the-middle (MITM) attacks. If an attacker is on the network or positioned between the user and the remote server, they may swap the requested binary with an attacker-controlled binary. This could result in code execution on the system running ibapi.

Recommendations For versions prior to 2.5.6, consider avoiding the use of this package until a patch is available. Alternatively, reduce the risk of exploitation by ensuring the package is not installed while connected to a public network. If installed on a private network, only those who have compromised the network or have privileged access to the ISP can exploit this vulnerability.