#VU1137 Security bypass - CVE-2016-9111
Published: November 2, 2016 / Updated: September 14, 2018
Vulnerability identifier: #VU1137
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2016-9111
CWE-ID: CWE-284
Exploitation vector: Local access
Exploit availability:
Public exploit is available
Vulnerable software:
Software vendor:
Description
The vulnerability allows a local user to bypass security restrictions on the target system.
The weakness is due to improper access control. By disconnecting the target system from the network and then reconnecting it, a local user can unlock the screen and obtain the valid user's account.
Successful exploitation of the vulnerability results in a local attacker gaining access to the vulnerable system.
Remediation
Securitylab is currently unaware of any patches addressing the vulnerability.