Remote Code Execution Vulnerability in SKYSEA Client View Management Console
CVE-2016-7836

9.8 CRITICAL

Key Information:

Vendor
CVE Published: 9 June 2017

Badges

Exploit Exists | EPSS 46% | CISA Reported

What is CVE-2016-7836?

The SKYSEA Client View software prior to version 11.221.03 is susceptible to a vulnerability that allows attackers to execute arbitrary code remotely. This arises from improper authentication handling over TCP connections with the management console program, posing a significant risk to users. It is crucial for organizations utilizing this product to upgrade to the latest version to mitigate potential exploitation.

CISA has reported CVE-2016-7836

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2016-7836 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace.

CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

SKYSEA Client View Ver.11.221.03 and earlier

EPSS Score

46% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Exploit known to exist

  • CISA Reported

  • Vulnerability published

  • Vulnerability Reserved
