← back
CVE-2016-6602

CVE-2016-6602

EPSS 55.1%

Patch soon. has a working public exploit.

Vexday Risk Score
50Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS EPSS 55.1%KEV nãoPoC públicaNuclei Metasploit simPatch
Lifecycle
04 Jul 2016Metasploit module available
10 Aug 2016Public PoC
23 Jan 2017Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm to store passwords, which allows context-dependent attackers to obtain cleartext passwords by leveraging access to WEB-INF/conf/securitydbData.xml. NOTE: this issue can be combined with CVE-2016-6601 for a remote exploit.
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.