CVE-2016-6603

CRITICAL

ZOHO WebNMS Framework 5.2-5.2 SP1 - Auth Bypass

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-6603. PoCs published by Pedro Ribeiro.

AI-analyzed exploit summary The document describes multiple vulnerabilities in WebNMS Framework Server 5.2 and 5.2 SP1, including directory traversal leading to RCE, file download via traversal, weak password obfuscation, and user impersonation. CVE-2016-6603 specifically covers user account impersonation via the 'UserName' HTTP header.

Description

ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to bypass authentication and impersonate arbitrary users via the UserName HTTP header.

Exploits (1)

exploitdb WRITEUP

by Pedro Ribeiro · textwebappsjsp

https://www.exploit-db.com/exploits/40229

View Code ZIP pw:eip

The document describes multiple vulnerabilities in WebNMS Framework Server 5.2 and 5.2 SP1, including directory traversal leading to RCE, file download via traversal, weak password obfuscation, and user impersonation. CVE-2016-6603 specifically covers user account impersonation via the 'UserName' HTTP header.

Classification

Writeup 100%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: WebNMS Framework Server 5.2 and 5.2 SP1

No auth needed

Prerequisites: Network access to the WebNMS server

MITRE ATT&CK