Arbitrary code execution - CVE-2016-6645
Published: October 5, 2016
Vulnerability identifier: #VU764
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2016-6645
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor:
Affected software:
Detailed vulnerability description
The vulnerability allows a remote user to gain root privileges and cause arbitrary code execution on the target language.
The weakness is caused by input validation flaw in the vApp Manager in the GetSymmCmdRequest and RemoteServiceHandler classes. By connecting to port 5480 and causing that error attacker can trigger arbitrary code execution.
Successful exploitation of the vulnerability resuts in arbitrary code execution on the vulnerable system.
The weakness is caused by input validation flaw in the vApp Manager in the GetSymmCmdRequest and RemoteServiceHandler classes. By connecting to port 5480 and causing that error attacker can trigger arbitrary code execution.
Successful exploitation of the vulnerability resuts in arbitrary code execution on the vulnerable system.
How to mitigate CVE-2016-6645
Update to version 8.3.0.