CVE-2016-7836

CVSS 9.8 CRITICALEPSS 19.4%● KEVCWE-287

In short

SKYSEA Client View versions 11.221.03 and earlier have a flaw in how they verify user credentials when connecting to the management console over TCP. An attacker can bypass authentication and execute arbitrary code remotely on affected systems.

Technical detail

The vulnerability exists in the authentication processing mechanism for TCP connections between SKYSEA Client View and its management console. An unauthenticated attacker can exploit improper credential verification to achieve remote code execution. The attack requires network access to the management console port but does not require valid credentials.

Summary generated and translated by AI from the official description.

SKYSEA Client View Ver.11.221.03 and earlier allows remote code execution via a flaw in processing authentication on the TCP connection with the management console program.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Sky Co., LTD. · SKYSEA Client View

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://jvn.jp/en/jp/JVN84995847/index.html https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-7836 https://www.skygroup.jp/security-info/170308.html http://www.securityfocus.com/bid/95062 http://www.skyseaclientview.net/news/161221/