PT-2017-9001 · Zoho · Zoho Webnms Framework

Pedro Ribeiro

Published

2017-01-23

Updated

2018-10-09

CVE-2016-6603

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions ZOHO WebNMS Framework versions 5.2 and 5.2 SP1

Description The issue allows remote attackers to bypass authentication and impersonate arbitrary users via the UserName HTTP header.

Recommendations For ZOHO WebNMS Framework versions 5.2 and 5.2 SP1, consider restricting access to the UserName HTTP header until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2016-6603

Affected Products

Zoho Webnms Framework

PT-2017-9001 · Zoho · Zoho Webnms Framework

CVE-2016-6603

Weakness Enumeration

Related Identifiers

Affected Products

References · 10