CVE-2016-10157

{"id": "CVE-2016-10157", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2017-01-23T07:59:00.393", "references": [{"url": "http://www.securityfocus.com/bid/95995", "source": "cve@mitre.org"}, {"url": "https://packetstormsecurity.com/files/140366/Akamai-NetSession-1.9.3.1-DLL-Hijacking.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/95995", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://packetstormsecurity.com/files/140366/Akamai-NetSession-1.9.3.1-DLL-Hijacking.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "Akamai NetSession 1.9.3.1 is vulnerable to DLL Hijacking: it tries to load CSUNSAPI.dll without supplying the complete path. The issue is aggravated because the mentioned DLL is missing from the installation, thus making it possible to hijack the DLL and subsequently inject code within the Akamai NetSession process space."}, {"lang": "es", "value": "Akamai NetSession 1.9.3.1 es vulnerable a DLL Hijacking: trata de cargar CSUNSAPI.dll sin suministrar la ruta completa. El problema es agravado porque la DLL mencionada est\u00e1 desaparecida de la instalaci\u00f3n, haciendo posible secuestrar la DLL y posteriormente inyectar c\u00f3digo dentro del espacio de proceso Akamai NetSession."}], "lastModified": "2024-11-21T02:43:26.240", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:akamai:netsession:1.9.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "457B5085-B0B2-4894-9993-5602F1B46C6C"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}