CVE-2016-2057
3.3
LOW
CVSS 3.1
EPSS 0.10%
Description
lib/xymond_ipc.c in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 uses weak permissions (666) for an unspecified IPC message queue, which allows local users to inject arbitrary messages by writing to that queue.
How to fix CVE-2016-2057
To remediate CVE-2016-2057, upgrade the affected package to a fixed version below.
- Debian/xymon: upgrade to 4.3.25-1 or later
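To check a host for queues with the permissions described above, the following added example (not Xymon code and not part of the advisory) flags IPC message queues whose mode grants write access to "other". It assumes the queue is a System V message queue listed in Linux's `/proc/sysvipc/msg`, where the `perms` column is octal; the function names and the sample table are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Parse one row of /proc/sysvipc/msg ("key msqid perms ...", perms in octal).
 * Returns 1 if "other" may write, 0 if not, -1 for the header or a bad row. */
int row_world_writable(const char *row, int *msqid, unsigned *perms)
{
    int key;
    if (sscanf(row, "%d %d %o", &key, msqid, perms) != 3)
        return -1;
    return (*perms & 0002) ? 1 : 0;
}

/* Walk a whole table and count queues that any local user can write to. */
int count_world_writable(const char *table, int verbose)
{
    int hits = 0;
    while (*table) {
        size_t len = strcspn(table, "\n");
        char row[256];
        if (len < sizeof row) {
            int id; unsigned perms;
            memcpy(row, table, len);
            row[len] = '\0';
            if (row_world_writable(row, &id, &perms) == 1) {
                hits++;
                if (verbose)
                    printf("msqid %d mode %04o: world-writable\n", id, perms);
            }
        }
        table += len;
        if (*table == '\n') table++;
    }
    return hits;
}

/* Constructed sample in the /proc/sysvipc/msg layout, not from a real host. */
static const char SAMPLE[] =
    "       key      msqid perms      cbytes       qnum lspid lrpid   uid   gid\n"
    "  16842753          0   666           0          0     0     0  1001  1001\n"
    "  16842754          1   600           0          0     0     0  1001  1001\n"
    "  16842755          2   660           0          0     0     0  1001  1001\n";

int main(void)
{
    char buf[8192]; size_t n = 0;
    FILE *f = fopen("/proc/sysvipc/msg", "r");   /* absent on non-Linux hosts */
    if (f) { n = fread(buf, 1, sizeof buf - 1, f); fclose(f); }
    buf[n] = '\0';
    printf("live host: %d hit(s)\n", count_world_writable(buf, 1));
    printf("sample: %d hit(s)\n", count_world_writable(SAMPLE, 1));
    return 0;
}
```

Any queue reported on a live host should be traced to its owning process (the `uid` and `lspid` columns) before deciding whether the mode is intended.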
Is CVE-2016-2057 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 4.3.25-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | LOW 3.3 | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |