CVE-2016-6534: Command Injection
First published: Mon Apr 10 2017(Updated: )
Opmantek NMIS before 4.3.7c has command injection via man, finger, ping, trace, and nslookup in the tools.pl CGI script. Versions before 8.5.12G might be affected in non-default configurations.
Credit: cret@cert.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Opmantek Network Management Information System | <=4.3.6f | |
| Opmantek Network Management Information System | <=8.5.10g |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-6534?
CVE-2016-6534 is classified as a high severity vulnerability due to its command injection nature.
How do I fix CVE-2016-6534?
To fix CVE-2016-6534, upgrade Opmantek NMIS to version 4.3.7c or later for versions below 4.3.7, and 8.5.12G or later for 8.5.x versions.
What types of commands are vulnerable in CVE-2016-6534?
CVE-2016-6534 is vulnerable to command injection through the man, finger, ping, trace, and nslookup commands.
Which versions of Opmantek NMIS are affected by CVE-2016-6534?
Versions of Opmantek NMIS prior to 4.3.7c and versions before 8.5.12G are affected if configured non-default.
What impact does CVE-2016-6534 have on systems?
CVE-2016-6534 can allow attackers to execute arbitrary commands on the affected system, compromising its security.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/author
- agent/references
- agent/last-modified-date
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/opmantek
- canonical/opmantek network management information system
- version/opmantek network management information system/4.3.6f
- version/opmantek network management information system/8.5.10g