PT-2017-8990 · Opmantek · Nmis
Matthew Kienow
·
Published
2017-04-10
·
Updated
2017-04-14
·
CVE-2016-6534
CVSS v3.1
7.5
High
| Vector | AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Opmantek NMIS versions prior to 4.3.7c
Opmantek NMIS versions prior to 8.5.12G in non-default configurations
Description
The issue concerns command injection via certain commands in the tools.pl CGI script. The affected commands include man, finger, ping, trace, and nslookup.
Recommendations
For versions prior to 4.3.7c, update to version 4.3.7c or later.
For versions prior to 8.5.12G in non-default configurations, update to version 8.5.12G or later.
Fix
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Nmis