CVE-2016-10157

CRITICAL

Akamai NetSession 1.9.3.1 - Code Injection

Title source: llm
STIX 2.1

Description

Akamai NetSession 1.9.3.1 is vulnerable to DLL Hijacking: it tries to load CSUNSAPI.dll without supplying the complete path. The issue is aggravated because the mentioned DLL is missing from the installation, thus making it possible to hijack the DLL and subsequently inject code within the Akamai NetSession process space.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/95995

Scores

CVSS v3 9.8
EPSS 0.0224
EPSS Percentile 80.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-94
Status published
Products (1)
akamai/netsession 1.9.3.1
Published Jan 23, 2017
Tracked Since Feb 18, 2026