← back
CVE-2016-1611

CVE-2016-1611

EPSS 1.2%
Vexday Risk Score
23Low
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Proof of concept
Public proof of concept exists, but not yet automated.
CVSS EPSS 1.2%KEV nãoPoC públicaNuclei Metasploit Patch
Lifecycle
25 Jul 2016Public PoC
01 Aug 2016Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
Novell Filr 1.2 before Hot Patch 6 and 2.0 before Hot Patch 2 uses world-writable permissions for /etc/profile.d/vainit.sh, which allows local users to gain privileges by replacing this file's content with arbitrary shell commands.
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.