Brianwgray

Name of the Vulnerable Software and Affected Versions: AKIPS Network Monitor versions 15.37 through 16.5 Description: The application login page allows a remote unauthenticated attacker to execute arbitrary OS commands via shell metacharacters in the `username` parameter. A failed login attempt returns the command-injection output to a limited login failure field. Recommendations: For AKIPS Network Monitor versions 15.37 through 16.5, update to version 16.6 to resolve the issue. As a temporary workaround, consider restricting access to the login page or avoiding the use of special characters in the `username` parameter until the update is applied.