CVE-2016-6601 Scanner
Detects a 'Local File Inclusion (LFI)' vulnerability in ZOHO WebNMS Framework that affects versions before 5.2 SP1.
Short Info
Level: High
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 sec
Time Interval: 792 sec
Scan only one: Url
ZOHO WebNMS Framework is a widely used product that serves as a platform for creating network management applications. This framework provides various tools for network management, including network monitoring, device management, and reporting. ZOHO WebNMS Framework is utilized by numerous businesses and organizations across various industries for efficiently managing their networks.
CVE-2016-6601 is a severe vulnerability in the ZOHO WebNMS Framework, located in the framework's file download functionality. Remote attackers can read arbitrary files by placing ".." sequences in the fileName parameter sent to servlets/FetchFile. The flaw exposes data to unauthorized parties, compromising the network management platform and leaving sensitive information open to cybercriminals.
When exploited, this vulnerability can lead to disastrous consequences. Attackers can gain access to confidential data and use it to their advantage. They can spread malware through the network, steal intellectual property or personal information, and cause reputational damage. All the while, businesses suffer losses in terms of money, credibility, and operations.
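For asset owners reviewing web server logs, the following added example (not part of the scanner or of WebNMS) flags requests to servlets/FetchFile whose fileName parameter contains a ".." path segment, including percent-encoded and backslash variants. The combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request field of a combined-format access log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Undo layered percent-encoding (e.g. %252f -> %2f -> /)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_traversal(file_name):
    """True if any path segment of the decoded value is exactly '..'."""
    return ".." in re.split(r"[/\\]", fully_decode(file_name))

def suspicious_fetchfile_requests(log_lines):
    """Return (line_number, decoded fileName) for FetchFile requests with '..'."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group("target"))
        if not target.path.lower().endswith("/servlets/fetchfile"):
            continue
        # parse_qs removes one encoding layer; fully_decode removes the rest.
        for key, values in parse_qs(target.query, keep_blank_values=True).items():
            if key.lower() != "filename":
                continue
            hits.extend((number, fully_decode(v)) for v in values if has_traversal(v))
    return hits

# Constructed sample log lines (documentation IP range, hypothetical file names).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Aug/2016:10:00:01 +0000] "GET /servlets/FetchFile?fileName=reports/daily.txt HTTP/1.1" 200 512',
    '192.0.2.44 - - [12/Aug/2016:10:00:05 +0000] "GET /servlets/FetchFile?fileName=../../conf/example.conf HTTP/1.1" 200 2048',
    '192.0.2.44 - - [12/Aug/2016:10:00:06 +0000] "GET /servlets/FetchFile?fileName=..%252f..%252fconf%252fexample.conf HTTP/1.1" 200 2048',
    '192.0.2.44 - - [12/Aug/2016:10:00:07 +0000] "GET /servlets/FetchFile?fileName=..%5c..%5cconf%5cexample.conf HTTP/1.1" 200 2048',
    '192.0.2.10 - - [12/Aug/2016:10:00:09 +0000] "GET /servlets/FetchFile?fileName=notes..backup.txt HTTP/1.1" 200 128',
    '192.0.2.10 - - [12/Aug/2016:10:00:11 +0000] "GET /index.html?fileName=../x HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for line_number, name in suspicious_fetchfile_requests(SAMPLE_LOG):
        print(f"line {line_number}: traversal in fileName -> {name}")
```

A hit in the logs shows that a traversal request was received; the response status and size on the same line help judge whether a file was actually returned.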
At S4E, we specialize in providing cybersecurity solutions designed to keep your digital assets secure. With our cutting-edge features and updates, we guarantee that our platform will keep you protected against the most sophisticated cyber threats. Thanks to our comprehensive approach to cybersecurity, you can rest assured that your networks and devices are protected round the clock. Don't hesitate; sign up today and enjoy the peace of mind that comes with knowing your digital assets are always secure!
REFERENCES
- seclists.org: 20160812 [CVE-2016-6600/1/2/3]: Multiple vulnerabilities (RCE, file download, etc) in WebNMS Framework 5.2 / 5.2 SP1
- https://forums.webnms.com/topic/recent-vulnerabilities-in-webnms-and-how-to-protect-the-server-against-them
- securityfocus.com: 92402
- http://www.rapid7.com/db/modules/auxiliary/admin/http/webnms_file_download
- exploit-db.com: 40229
- securityfocus.com: 20160808 [CVE-2016-6600/1/2/3]: Multiple vulnerabilities (RCE, file download, etc) in WebNMS Framework 5.2 / 5.2 SP1
- http://www.rapid7.com/db/modules/auxiliary/admin/http/webnms_cred_disclosure
- http://packetstormsecurity.com/files/138244/WebNMS-Framework-5.2-SP1-Traversal-Weak-Obfuscation-User-Impersonation.html
- https://blogs.securiteam.com/index.php/archives/2712
- https://github.com/pedrib/PoC/blob/master/advisories/webnms-5.2-sp1-pwn.txt