Vulnerability Details : CVE-2016-6600
Public exploit exists!
Directory traversal vulnerability in the file upload functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to upload and execute arbitrary JSP files via a .. (dot dot) in the fileName parameter to servlets/FileUploadServlet.
Vulnerability category: Directory traversal
Exploit prediction scoring system (EPSS) score for CVE-2016-6600
Probability of exploitation activity in the next 30 days: 97.50%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2016-6600
-
WebNMS Framework Server Arbitrary File Upload
Disclosure Date: 2016-07-04First seen: 2020-04-26exploit/multi/http/webnms_file_uploadThis module abuses a vulnerability in WebNMS Framework Server 5.2 that allows an unauthenticated user to upload text files by using a directory traversal attack on the FileUploadServlet servlet. A JSP file can be uploaded that then drops and executes a malicious payload, achieving code execution un
CVSS scores for CVE-2016-6600
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
|
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2016-6600
-
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-6600
-
http://www.securityfocus.com/archive/1/539159/100/0/threaded
SecurityFocus
-
https://forums.webnms.com/topic/recent-vulnerabilities-in-webnms-and-how-to-protect-the-server-against-them
Recent Vulnerabilities in WebNMS and how to protect the server against them - WebNMS Developer Forums
-
http://packetstormsecurity.com/files/138244/WebNMS-Framework-5.2-SP1-Traversal-Weak-Obfuscation-User-Impersonation.html
WebNMS Framework 5.2 SP1 Traversal / Weak Obfuscation / User Impersonation ≈ Packet StormExploit;Third Party Advisory
-
http://www.securityfocus.com/bid/92402
WebNMS Framework Multiple Security VulnerabilitiesThird Party Advisory;VDB Entry
-
http://seclists.org/fulldisclosure/2016/Aug/54
Full Disclosure: [CVE-2016-6600/1/2/3]: Multiple vulnerabilities (RCE, file download, etc) in WebNMS Framework 5.2 / 5.2 SP1Exploit;Mailing List
-
https://github.com/pedrib/PoC/blob/master/advisories/webnms-5.2-sp1-pwn.txt
PoC/webnms-5.2-sp1-pwn.txt at master · pedrib/PoC · GitHubExploit
-
https://blogs.securiteam.com/index.php/archives/2712
SSD Advisory - WebNMS Framework Server Multiple Vulnerabilities - SSD Secure DisclosureExploit;Technical Description;Third Party Advisory
-
https://www.exploit-db.com/exploits/40229/
WebNMS Framework Server 5.2/5.2 SP1 - Multiple VulnerabilitiesExploit;Third Party Advisory
Products affected by CVE-2016-6600
- cpe:2.3:a:zohocorp:webnms_framework:5.2:sp1:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:webnms_framework:5.2:*:*:*:*:*:*:*