Vulnerability Details CVE-2016-11017
The application login page in AKIPS Network Monitor 15.37 through 16.5 allows a remote unauthenticated attacker to execute arbitrary OS commands via shell metacharacters in the username parameter (a failed login attempt returns the command-injection output to a limited login failure field). This is fixed in 16.6.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.194
EPSS Ranking 95.1%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
Products affected by CVE-2016-11017
-
cpe:2.3:a:akips:network_monitor:15.37
-
cpe:2.3:a:akips:network_monitor:15.38
-
cpe:2.3:a:akips:network_monitor:15.39
-
cpe:2.3:a:akips:network_monitor:15.40
-
cpe:2.3:a:akips:network_monitor:16.1
-
cpe:2.3:a:akips:network_monitor:16.2
-
cpe:2.3:a:akips:network_monitor:16.3
-
cpe:2.3:a:akips:network_monitor:16.4
-
cpe:2.3:a:akips:network_monitor:16.5