How severe is CVE-2016-10532?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2016-10532?

This is classified as CWE-287, which is a common weakness in software security.

CVE-2016-10532

CRITICAL Year: 2016

CVSS v3 Score

9.8

Critical

CVSS v2 Score

10.0

Critical

Weakness Type

CWE-287

View all →

Vulnerability Description

console-io is a module that allows users to implement a web console in their application. A malicious user could bypass the authentication and execute any command that the user who is running the console-io application 2.2.13 and earlier is able to run. This means that if console-io was running from root, the attacker would have full access to the system. This vulnerability exists because the console-io application does not configure socket.io to require authentication, which allows a malicious user to connect via a websocket to send commands and receive the response.

CVE-2007-4043

CRITICAL

CVSS:9.8(Critical)

file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) before 4.6.3 allows remote attackers to bypass authentication via a name parameter ending with a "%00.gif" sequence. NOTE:...

CWE-2872007

CVE-2007-6759

CRITICAL

CVSS:9.8(Critical)

Dataprobe iBootBar (with 2007-09-20 and possibly later released firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected devices, via a DCRABBIT cookie.

CWE-2872007

CVE-2007-6760

CRITICAL

CVSS:9.8(Critical)

Dataprobe iBootBar (with 2007-09-20 and possibly later beta firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected devices, via a DCCOOKIE cookie.

CWE-2872007

CVE-2009-2168

CRITICAL

CVSS:9.8(Critical)

cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and earlier sends a redirect to the web browser but does not exit when the supplied credentials are incorrect, which allows remote attackers to bypas...

CWE-2872009

CVE-2009-2382

CRITICAL

CVSS:9.8(Critical)

admin.php in phpMyBlockchecker 1.0.0055 allows remote attackers to bypass authentication and gain administrative access by setting the PHPMYBCAdmin cookie to LOGGEDIN.

CWE-2872009

CVE-2009-2422

CRITICAL

CVSS:9.8(Critical)

The example code for the digest authentication functionality (http_authentication.rb) in Ruby on Rails before 2.3.3 defines an authenticate_or_request_with_http_digest block that returns nil instead o...

CWE-2872009

CVE-2016-10532

Vulnerability Description

Related Vulnerabilities

CVE-2007-4043

CVE-2007-6759

CVE-2007-6760

CVE-2009-2168

CVE-2009-2382

CVE-2009-2422