ID

VAR-201702-0860


CVE

CVE-2016-9361


TITLE

plural Moxa NPort Vulnerability in product management passwords being retried without authentication

Trust: 0.8

sources: JVNDB: JVNDB-2016-007639

DESCRIPTION

An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. Administration passwords can be retried without authenticating. MOXANport is a serial communication server. MoxaNPort has a credential management vulnerability. An unauthenticated attacker exploits the vulnerability to obtain an administrator password. Multiple Moxa NPort products are prone to multiple unspecified security vulnerabilities. An attacker can exploit these issues to bypass security restrictions, perform unauthorized actions, gain escalated privileges and execute arbitrary code in the context of the affected application and cause a denial-of-service condition. Successful exploitation will allow an attacker to take control of the affected system. ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Auxiliary::UDPScanner def initialize(info = {}) super( update_info( info, 'Name' => 'Moxa UDP Device Discovery', 'Description' => %q( The Moxa protocol listens on 4800/UDP and will respond to broadcast or direct traffic. The service is known to be used on Moxa devices in the NPort, OnCell, and MGate product lines. A discovery packet compels a Moxa device to respond to the sender with some basic device information that is needed for more advanced functions. The discovery data is 8 bytes in length and is the most basic example of the Moxa protocol. It may be sent out as a broadcast (destination 255.255.255.255) or to an individual device. Devices that respond to this query may be vulnerable to serious information disclosure vulnerabilities, such as CVE-2016-9361. The module is the work of Patrick DeSantis of Cisco Talos and is derived from original work by K. Reid Wightman. Tested and validated on a Moxa NPort 6250 with firmware versions 1.13 and 1.15. ), 'Author' => 'Patrick DeSantis <p[at]t-r10t.com>', 'License' => MSF_LICENSE, 'References' => [ [ 'CVE', '2016-9361'], [ 'URL', 'https://www.digitalbond.com/blog/2016/10/25/serial-killers/'], [ 'URL', 'http://www.moxa.com/support/faq/faq_detail.aspx?id=646' ], ] ) ) register_options( [ # Moxa protocol listens on 4800/UDP by default Opt::RPORT(4800) ]) end # The data to be sent via UDP def build_probe # Function Code (first byte) 0x01: Moxa discovery/identify # The fourth byte is the length of the full data payload @probe ||= "\x01\x00\x00\x08\x00\x00\x00\x00" end # Called for each response packet def scanner_process(response, src_host, _src_port) # The first byte of a response will always be the func code + 0x80 # (the most significant bit of the byte is set to 1, so 0b00000001 # becomes 0b10000001, or 0x81). # A valid response is 24 bytes, starts with 0x81, and contains the values # 0x00, 0x90, 0xe8 (the Moxa OIU) in bytes 14, 15, and 16. return unless response[0] == "\x81" && response[14..16] == "\x00\x90\xe8" && response.length == 24 @results[src_host] ||= [] @results[src_host] << response end # Called after the scan block def scanner_postscan(_batch) @results.each_pair do |host, response| peer = "#{host}:#{rport}" # Report the host report_host( :host => host, :info => "Moxa Device", ) # Report the service report_service( host: host, proto: 'udp', port: rport, name: 'Moxa Protocol', ) if response.empty? vprint_status("#{peer} No Moxa Devices Found.") else print_good("#{peer} Moxa Device Found!") # Report vuln report_vuln( host: host, port: rport, proto: 'udp', name: 'Moxa Protocol Use', refs: references ) end end end end

Trust: 2.7

sources: NVD: CVE-2016-9361 // JVNDB: JVNDB-2016-007639 // CNVD: CNVD-2016-11885 // BID: 85965 // VULHUB: VHN-98181 // VULMON: CVE-2016-9361 // PACKETSTORM: 180949

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-11885

AFFECTED PRODUCTS

vendor:moxamodel:nport 5200 seriesscope:lteversion:2.7

Trust: 1.0

vendor:moxamodel:nport 5600 seriesscope:lteversion:3.6

Trust: 1.0

vendor:moxamodel:nport 5400 seriesscope:lteversion:3.10

Trust: 1.0

vendor:moxamodel:nport p5150a seriesscope:lteversion:1.2

Trust: 1.0

vendor:moxamodel:nport 5100 seriesscope:lteversion:3.5

Trust: 1.0

vendor:moxamodel:nport 5600-8-dtl seriesscope:lteversion:2.3

Trust: 1.0

vendor:moxamodel:nport 5100a seriesscope:lteversion:1.2

Trust: 1.0

vendor:moxamodel:nport 5100 seriesscope:lteversion:2.5

Trust: 1.0

vendor:moxamodel:nport 5x50a1-m12 seriesscope:lteversion:1.1

Trust: 1.0

vendor:moxamodel:nport 6100 seriesscope:lteversion:1.13

Trust: 1.0

vendor:moxamodel:nport 5200a seriesscope:lteversion:1.2

Trust: 1.0

vendor:moxamodel:nport 5100 seriesscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5100a seriesscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5110scope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5110ascope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5130scope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5130ascope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5150scope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5150ascope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5150a1-m12scope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5150a1-m12-ctscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5150a1-m12-ct-tscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5150a1-m12-tscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5200 seriesscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5200a seriesscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5210scope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5210ascope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5230scope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5230ascope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5232scope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5232iscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5250ascope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5250a1-m12scope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5250a1-m12-ctscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5250a1-m12-ct-tscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5250a1-m12-tscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5400 seriesscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5410scope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5430scope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5430iscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5450scope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5450-tscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5450a1-m12scope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5450a1-m12-ctscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5450a1-m12-ct-tscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5450a1-m12-tscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5450iscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5450i-tscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5600 seriesscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5600-8-dtl seriesscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5610scope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5610-8-dtlscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5630scope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5650scope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5650-8-dtlscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5650i-8-dtlscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 5x50a1-m12 seriesscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 6100 seriesscope: - version: -

Trust: 0.8

vendor:moxamodel:nport 6150scope: - version: -

Trust: 0.8

vendor:moxamodel:nport 6150-tscope: - version: -

Trust: 0.8

vendor:moxamodel:nport p5110ascope: - version: -

Trust: 0.8

vendor:moxamodel:nport p5150a seriesscope: - version: -

Trust: 0.8

vendor:moxamodel:nportscope:eqversion:5110<2.6

Trust: 0.6

vendor:moxamodel:nportscope:eqversion:5130/5150<3.6

Trust: 0.6

vendor:moxamodel:nportscope:eqversion:5200<2.8

Trust: 0.6

vendor:moxamodel:nportscope:eqversion:5400<3.11

Trust: 0.6

vendor:moxamodel:nportscope:eqversion:5600<3.7

Trust: 0.6

vendor:moxamodel:nport p5150ascope:ltversion:1.3

Trust: 0.6

vendor:moxamodel:nport 5100ascope:ltversion:1.3

Trust: 0.6

vendor:moxamodel:nport 5200ascope:ltversion:1.3

Trust: 0.6

vendor:moxamodel:nport 5150ai-m12scope:ltversion:1.2

Trust: 0.6

vendor:moxamodel:nport 5250ai-m12scope:ltversion:1.2

Trust: 0.6

vendor:moxamodel:nport 5450ai-m12scope:ltversion:1.2

Trust: 0.6

vendor:moxamodel:nport 5600-8-dtscope:ltversion:2.4

Trust: 0.6

vendor:moxamodel:nport 5600-8-dtlscope:ltversion:2.4

Trust: 0.6

vendor:moxamodel:nportscope:eqversion:6x50<1.13.11

Trust: 0.6

vendor:moxamodel:nport ia5450ascope:ltversion:1.4

Trust: 0.6

vendor:moxamodel:nport 6100 seriesscope:eqversion:1.13

Trust: 0.6

vendor:moxamodel:nport 5100 seriesscope:eqversion:3.5

Trust: 0.6

vendor:moxamodel:nport 5600-8-dtl seriesscope:eqversion:2.3

Trust: 0.6

vendor:moxamodel:nport 5100 seriesscope:eqversion:2.5

Trust: 0.6

vendor:moxamodel:nport 5400 seriesscope:eqversion:3.10

Trust: 0.6

vendor:moxamodel:nport p5150a seriesscope:eqversion:1.2

Trust: 0.6

vendor:moxamodel:nport 5100a seriesscope:eqversion:1.2

Trust: 0.6

vendor:moxamodel:nport 5200a seriesscope:eqversion:1.2

Trust: 0.6

vendor:moxamodel:nport 5200 seriesscope:eqversion:2.7

Trust: 0.6

vendor:moxamodel:nport 5x50a1-m12 seriesscope:eqversion:1.1

Trust: 0.6

vendor:moxamodel:nport p5150ascope:eqversion:0

Trust: 0.3

vendor:moxamodel:nport ia5450ascope:eqversion:0

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:6x500

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:66501.13

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:66101.13

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:64501.13

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:62501.13

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:61501.13

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:61101.13

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:61100

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:60000

Trust: 0.3

vendor:moxamodel:nport 5x50ai-m12scope:eqversion:0

Trust: 0.3

vendor:moxamodel:nport 5600-dt/dtlscope:eqversion:0

Trust: 0.3

vendor:moxamodel:nport 5600-8-dtlscope:eqversion:0

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:56000

Trust: 0.3

vendor:moxamodel:nport 5450ai-m12scope:eqversion:0

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:54000

Trust: 0.3

vendor:moxamodel:nport 5250ai-m12scope:eqversion:0

Trust: 0.3

vendor:moxamodel:nport 5200ascope:eqversion:0

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:52000

Trust: 0.3

vendor:moxamodel:nport 5150ai-m12scope:eqversion:0

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:51503.5

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:51303.5

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:51102.5

Trust: 0.3

vendor:moxamodel:nport 5100ascope:eqversion:0

Trust: 0.3

vendor:moxamodel:nportscope:eqversion:51000

Trust: 0.3

vendor:moxamodel:nport ia5450ascope:neversion:1.4

Trust: 0.3

vendor:moxamodel:nportscope:neversion:6x501.14

Trust: 0.3

vendor:moxamodel:nport 5600-8-dtlscope:neversion:1.3

Trust: 0.3

vendor:moxamodel:nport 5600-8-dtscope:neversion:2.4

Trust: 0.3

vendor:moxamodel:nportscope:neversion:56003.7

Trust: 0.3

vendor:moxamodel:nport 5450ai-m12scope:neversion:1.2

Trust: 0.3

vendor:moxamodel:nportscope:neversion:54003.11

Trust: 0.3

vendor:moxamodel:nport 5250ai-m12scope:neversion:1.2

Trust: 0.3

vendor:moxamodel:nport 5200ascope:neversion:1.3

Trust: 0.3

vendor:moxamodel:nportscope:neversion:52002.8

Trust: 0.3

vendor:moxamodel:nport 5150ai-m12scope:neversion:1.2

Trust: 0.3

vendor:moxamodel:nportscope:neversion:51503.6

Trust: 0.3

vendor:moxamodel:nportscope:neversion:51303.6

Trust: 0.3

vendor:moxamodel:nportscope:neversion:51102.6

Trust: 0.3

vendor:moxamodel:nport 5100ascope:neversion:1.3

Trust: 0.3

sources: CNVD: CNVD-2016-11885 // BID: 85965 // JVNDB: JVNDB-2016-007639 // CNNVD: CNNVD-201612-030 // NVD: CVE-2016-9361

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-9361
value: CRITICAL

Trust: 1.0

NVD: CVE-2016-9361
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2016-11885
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201612-030
value: HIGH

Trust: 0.6

VULHUB: VHN-98181
value: HIGH

Trust: 0.1

VULMON: CVE-2016-9361
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-9361
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2016-11885
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-98181
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-9361
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-11885 // VULHUB: VHN-98181 // VULMON: CVE-2016-9361 // JVNDB: JVNDB-2016-007639 // CNNVD: CNNVD-201612-030 // NVD: CVE-2016-9361

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-98181 // JVNDB: JVNDB-2016-007639 // NVD: CVE-2016-9361

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201612-030

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201612-030

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-007639

PATCH

title:トップページurl:http://japan.moxa.com/index.htm

Trust: 0.8

title:MoxaNPort Credential Management Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/84974

Trust: 0.6

title:Multiple Moxa Nport Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66082

Trust: 0.6

sources: CNVD: CNVD-2016-11885 // JVNDB: JVNDB-2016-007639 // CNNVD: CNNVD-201612-030

EXTERNAL IDS

db:NVDid:CVE-2016-9361

Trust: 3.6

db:ICS CERTid:ICSA-16-336-02

Trust: 3.5

db:BIDid:85965

Trust: 2.1

db:JVNDBid:JVNDB-2016-007639

Trust: 0.8

db:CNNVDid:CNNVD-201612-030

Trust: 0.7

db:CNVDid:CNVD-2016-11885

Trust: 0.6

db:ICS CERT ALERTid:ICS-ALERT-16-099-01

Trust: 0.3

db:VULHUBid:VHN-98181

Trust: 0.1

db:VULMONid:CVE-2016-9361

Trust: 0.1

db:PACKETSTORMid:180949

Trust: 0.1

sources: CNVD: CNVD-2016-11885 // VULHUB: VHN-98181 // VULMON: CVE-2016-9361 // BID: 85965 // JVNDB: JVNDB-2016-007639 // PACKETSTORM: 180949 // CNNVD: CNNVD-201612-030 // NVD: CVE-2016-9361

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-16-336-02

Trust: 3.5

url:http://www.securityfocus.com/bid/85965

Trust: 1.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9361

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-9361

Trust: 0.8

url:http://www.moxa.com/product/vport_sdk.htm

Trust: 0.3

url:https://ics-cert.us-cert.gov/alerts/ics-alert-16-099-01

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/287.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.rapid7.com/db/modules/auxiliary/scanner/scada/moxa_discover

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-9361

Trust: 0.1

url:https://github.com/rapid7/metasploit-framework

Trust: 0.1

url:https://metasploit.com/download

Trust: 0.1

url:https://www.digitalbond.com/blog/2016/10/25/serial-killers/'],

Trust: 0.1

url:http://www.moxa.com/support/faq/faq_detail.aspx?id=646'

Trust: 0.1

sources: CNVD: CNVD-2016-11885 // VULHUB: VHN-98181 // VULMON: CVE-2016-9361 // BID: 85965 // JVNDB: JVNDB-2016-007639 // PACKETSTORM: 180949 // CNNVD: CNNVD-201612-030 // NVD: CVE-2016-9361

CREDITS

Reid Wightman of Digital Bonds Labs

Trust: 0.9

sources: BID: 85965 // CNNVD: CNNVD-201612-030

SOURCES

db:CNVDid:CNVD-2016-11885
db:VULHUBid:VHN-98181
db:VULMONid:CVE-2016-9361
db:BIDid:85965
db:JVNDBid:JVNDB-2016-007639
db:PACKETSTORMid:180949
db:CNNVDid:CNNVD-201612-030
db:NVDid:CVE-2016-9361

LAST UPDATE DATE

2024-11-23T21:54:17.013000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2016-11885date:2016-12-06T00:00:00
db:VULHUBid:VHN-98181date:2017-02-17T00:00:00
db:VULMONid:CVE-2016-9361date:2017-02-17T00:00:00
db:BIDid:85965date:2016-12-20T02:04:00
db:JVNDBid:JVNDB-2016-007639date:2017-03-08T00:00:00
db:CNNVDid:CNNVD-201612-030date:2016-12-06T00:00:00
db:NVDid:CVE-2016-9361date:2024-11-21T03:01:01.187

SOURCES RELEASE DATE

db:CNVDid:CNVD-2016-11885date:2016-12-05T00:00:00
db:VULHUBid:VHN-98181date:2017-02-13T00:00:00
db:VULMONid:CVE-2016-9361date:2017-02-13T00:00:00
db:BIDid:85965date:2016-04-08T00:00:00
db:JVNDBid:JVNDB-2016-007639date:2017-03-08T00:00:00
db:PACKETSTORMid:180949date:2024-08-31T23:16:47
db:CNNVDid:CNNVD-201612-030date:2016-04-08T00:00:00
db:NVDid:CVE-2016-9361date:2017-02-13T21:59:02.080