Information disclosure - CVE-2016-6435
Published: October 5, 2016 / Updated: October 7, 2016
Vulnerability identifier: #VU782
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/U:Clear
CVE-ID: CVE-2016-6435
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vendor:
Affected software:
Detailed vulnerability description
The vulnerability allows a remote authenticated user to obtain potentially sensitive data on the target system.
The weakness is due to improper input validation. Attackers can send a specially crafted parameter to the web console which when received by the victim allows a malicious user to read arbitrary files on the affected operating system.
Successful exploitation of the vulnerability leads to sensitive insormation disclosure.
The weakness is due to improper input validation. Attackers can send a specially crafted parameter to the web console which when received by the victim allows a malicious user to read arbitrary files on the affected operating system.
Successful exploitation of the vulnerability leads to sensitive insormation disclosure.