#VU782 Information disclosure - CVE-2016-6435
Published: October 5, 2016 / Updated: October 7, 2016
Vulnerability identifier: #VU782
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/U:Clear
CVE-ID: CVE-2016-6435
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vulnerable software:
Software vendor:
Description
The vulnerability allows a remote authenticated user to obtain potentially sensitive data on the target system.
The weakness is due to improper input validation. Attackers can send a specially crafted parameter to the web console which when received by the victim allows a malicious user to read arbitrary files on the affected operating system.
Successful exploitation of the vulnerability leads to sensitive insormation disclosure.
The weakness is due to improper input validation. Attackers can send a specially crafted parameter to the web console which when received by the victim allows a malicious user to read arbitrary files on the affected operating system.
Successful exploitation of the vulnerability leads to sensitive insormation disclosure.