CVE-2016-5074

9.8 CRITICAL

📋 TL;DR

CVE-2016-5074 is a format string vulnerability in CloudView NMS that allows remote attackers to execute arbitrary code via specially crafted SNMP requests. This affects CloudView NMS versions before 2.10a. Network administrators using vulnerable versions are at risk of complete system compromise.

💻 Affected Systems

Products:
  • CloudView NMS
Versions: All versions before 2.10a
Operating Systems: All platforms running CloudView NMS
Default Config Vulnerable: ⚠️ Yes
Notes: Any system with CloudView NMS SNMP service enabled and accessible is vulnerable.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to full system compromise, data theft, and potential lateral movement within the network.

🟠

Likely Case

Remote code execution allowing attacker to gain control of the NMS server, potentially disrupting network monitoring and management.

🟢

If Mitigated

Denial of service or limited information disclosure if exploit attempts are blocked by network controls.

🌐 Internet-Facing: HIGH - SNMP services are often exposed to internal networks and potentially to the internet, making exploitation straightforward.
🏢 Internal Only: HIGH - Even internally, SNMP is widely accessible and the vulnerability requires no authentication.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Format string vulnerabilities are well-understood and easily weaponized. Public exploit code exists in security advisories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.10a and later

Vendor Advisory: http://www.securityfocus.com/bid/98723

Restart Required: Yes

Instructions:

1. Download CloudView NMS version 2.10a or later from the vendor.
2. Back up the current configuration.
3. Install the updated version.
4. Restart the CloudView NMS service.

🔧 Temporary Workarounds

Block SNMP Access (linux)

Restrict access to the CloudView NMS SNMP service using firewall rules:

iptables -A INPUT -p udp --dport 161 -j DROP
iptables -A INPUT -p tcp --dport 161 -j DROP

These rules drop all SNMP traffic to port 161, including legitimate polling from management hosts; if monitoring must continue, place ACCEPT rules for trusted management addresses ahead of them.

Disable SNMP Service (all platforms)

Temporarily disable the SNMP service in the CloudView NMS configuration.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate CloudView NMS from untrusted networks
  • Deploy intrusion detection systems to monitor for SNMP-based exploit attempts

🔍 How to Verify

Check if Vulnerable:

Check the CloudView NMS version via the web interface or the configuration file. If the version is below 2.10a, the system is vulnerable.

Verify Fix Applied:

Confirm the version is 2.10a or higher and test that the SNMP service still functions.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SNMP request patterns
  • Format string error messages in application logs
  • Unexpected process execution

Network Indicators:

  • Malformed SNMP packets to port 161
  • Unusual outbound connections from NMS server

SIEM Query:

dest_port=161 AND (payload_contains="%n" OR payload_contains="%s" OR payload_contains="%x")

Field names are SIEM-specific; inbound requests to the SNMP service carry 161 as the destination port, so matching on the source port would select responses rather than the crafted requests.
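As an added example (not part of this advisory or of CloudView NMS), the following Python implements the check the SIEM query describes: a request to port 161 whose SNMPv1/v2c community string, or, when the message does not parse as SNMP at all (the "malformed packet" indicator), whose raw payload contains printf-style conversion specifiers. This page does not say which field CloudView NMS passes to a format function, so decoding the community string is an assumption, and all sample packets are constructed.

```python
import re

SNMP_PORT = 161

# printf-style conversion specifiers, e.g. %n, %s, %x, %08x, %5$n, %lx (a lone '%' is not one)
FORMAT_SPEC = re.compile(rb"%[0-9$#\-+ ]*(?:\.[0-9]+)?(?:hh|h|ll|l)?[nsxXpdiu]")

def tlv(tag, value):
    """Encode one BER TLV with a short-form length (enough for the constructed samples)."""
    assert len(value) < 128
    return bytes([tag, len(value)]) + value

def build_snmp_v2c(community):
    """Constructed minimal SNMPv2c GetRequest (empty varbind list) with the given community."""
    pdu = tlv(0xA0, tlv(0x02, b"\x01") + tlv(0x02, b"\x00") + tlv(0x02, b"\x00") + tlv(0x30, b""))
    return tlv(0x30, tlv(0x02, b"\x01") + tlv(0x04, community) + pdu)

def read_tlv(buf, pos):
    """Decode one BER TLV at pos; returns (tag, value, next_pos). Handles long-form lengths."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits = number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def snmp_community(payload):
    """Community string of an SNMPv1/v2c message, or None when it does not parse as one."""
    try:
        tag, body, _ = read_tlv(payload, 0)
        if tag != 0x30:                     # outer Message SEQUENCE
            return None
        tag, _version, pos = read_tlv(body, 0)
        if tag != 0x02:                     # INTEGER version
            return None
        tag, community, _ = read_tlv(body, pos)
        return community if tag == 0x04 else None   # OCTET STRING community
    except IndexError:
        return None

def suspicious_snmp(dst_port, payload):
    """True for a request to the SNMP port whose community string carries format specifiers.
    A message that does not parse as SNMP (the 'malformed packet' indicator) is scanned raw."""
    if dst_port != SNMP_PORT:
        return False
    community = snmp_community(payload)
    target = community if community is not None else payload
    return FORMAT_SPEC.search(target) is not None
```

Feed it (destination port, UDP payload) pairs from a capture; a benign poll with community "public" or "100%" is not flagged, while "%n%n%x%x" or an unparseable message containing "%n" is.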
