Arbitrary command execution - CVE-2016-1482
Published: September 23, 2016
Vulnerability identifier: #VU656
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2016-1482
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor:
Affected software:
Detailed vulnerability description
The vulnerability exposes a remote user's possibility to cause arbitrary command execution on the target system.
The weakness exists due to improper input validation. By sending specially crafted data attackers can inject and execute arbitrary commands with elevated privileges.
Successful exploitation of the vulnerability may result in arbitrary command execution on the vulnerable system.
The weakness exists due to improper input validation. By sending specially crafted data attackers can inject and execute arbitrary commands with elevated privileges.
Successful exploitation of the vulnerability may result in arbitrary command execution on the vulnerable system.
How to mitigate CVE-2016-1482
Update to 2.7.