Access bypass - CVE-2016-8353
Published: October 13, 2016 / Updated: October 14, 2016
Vulnerability identifier: #VU993
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-8353
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor:
Affected software:
Detailed vulnerability description
The vulnerability allows a remote authenticated user to gain access to the IP system on the target system.
The weakness exists due to insufficient access control. If the service account user has elevated privileges, it's possible to obtain the PI System with no permission.
Successful exploitation of the vulnerability results in access to the IP system on the vulnerable system.
The weakness exists due to insufficient access control. If the service account user has elevated privileges, it's possible to obtain the PI System with no permission.
Successful exploitation of the vulnerability results in access to the IP system on the vulnerable system.
How to mitigate CVE-2016-8353
Update to version 1.7.0.176.