CVE-2016-11017

Name of the Vulnerable Software and Affected Versions: AKIPS Network Monitor versions 15.37 through 16.5

Description: The application login page allows a remote unauthenticated attacker to execute arbitrary OS commands via shell metacharacters in the username parameter. A failed login attempt returns the command-injection output to a limited login failure field.

Recommendations: For AKIPS Network Monitor versions 15.37 through 16.5, update to version 16.6 to resolve the issue. As a temporary workaround, consider restricting access to the login page or avoiding the use of special characters in the username parameter until the update is applied.