CVE-2016-10599

Name of the Vulnerable Software and Affected Versions sauce-connect versions prior to the latest available update (no specific version specified)

Description The issue concerns the insecure download of binary resources over HTTP, making it susceptible to man-in-the-middle (MITM) attacks. If an attacker is positioned on the network or between the user and the remote server, they may be able to swap the requested binary with a malicious one, potentially leading to remote code execution (RCE) on the system running sauce-connect.

Recommendations For all affected versions of sauce-connect, consider avoiding the use of this package and opt for a different package if available. As a mitigation measure, reduce the risk of exploitation by ensuring sauce-connect is not installed while connected to a public network. If installed on a private network, be aware that only those who have compromised the network or have privileged access to the ISP can exploit this vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.