Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-eens-u1sp-17em
Vulnerability ID VCID-eens-u1sp-17em
Aliases CVE-2016-10708
Summary
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-20 Improper Input Validation
System Score Found at
cvssv3.1 7.5 http://blog.swiecki.net/2018/01/fuzzing-tcp-servers.html
ssvc Track http://blog.swiecki.net/2018/01/fuzzing-tcp-servers.html
cvssv3 5.3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10708.json
cvssv3.1 7.5 https://anongit.mindrot.org/openssh.git/commit/?id=28652bca29046f62c7045e933e6b931de1d16737
ssvc Track https://anongit.mindrot.org/openssh.git/commit/?id=28652bca29046f62c7045e933e6b931de1d16737
epss 0.0312 https://api.first.org/data/v1/epss?cve=CVE-2016-10708
epss 0.0312 https://api.first.org/data/v1/epss?cve=CVE-2016-10708
cvssv3.1 7.5 https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf
ssvc Track https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf
cvssv3 5.3 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 7.5 https://kc.mcafee.com/corporate/index?page=content&id=SB10284
ssvc Track https://kc.mcafee.com/corporate/index?page=content&id=SB10284
cvssv3.1 7.5 https://lists.debian.org/debian-lts-announce/2018/01/msg00031.html
ssvc Track https://lists.debian.org/debian-lts-announce/2018/01/msg00031.html
cvssv3.1 7.5 https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html
ssvc Track https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html
cvssv3.1 7.5 https://security.netapp.com/advisory/ntap-20180423-0003/
ssvc Track https://security.netapp.com/advisory/ntap-20180423-0003/
cvssv3.1 7.5 https://support.f5.com/csp/article/K32485746?utm_source=f5support&amp%3Butm_medium=RSS
ssvc Track https://support.f5.com/csp/article/K32485746?utm_source=f5support&amp%3Butm_medium=RSS
cvssv3.1 7.5 https://usn.ubuntu.com/3809-1/
ssvc Track https://usn.ubuntu.com/3809-1/
cvssv3.1 7.5 https://www.openssh.com/releasenotes.html
ssvc Track https://www.openssh.com/releasenotes.html
cvssv3.1 7.5 http://www.securityfocus.com/bid/102780
ssvc Track http://www.securityfocus.com/bid/102780
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10708.json
https://api.first.org/data/v1/epss?cve=CVE-2016-10708
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10708
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
102780 http://www.securityfocus.com/bid/102780
1537929 https://bugzilla.redhat.com/show_bug.cgi?id=1537929
3809-1 https://usn.ubuntu.com/3809-1/
fuzzing-tcp-servers.html http://blog.swiecki.net/2018/01/fuzzing-tcp-servers.html
?id=28652bca29046f62c7045e933e6b931de1d16737 https://anongit.mindrot.org/openssh.git/commit/?id=28652bca29046f62c7045e933e6b931de1d16737
index?page=content&id=SB10284 https://kc.mcafee.com/corporate/index?page=content&id=SB10284
K32485746?utm_source=f5support&amp%3Butm_medium=RSS https://support.f5.com/csp/article/K32485746?utm_source=f5support&amp%3Butm_medium=RSS
msg00010.html https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html
msg00031.html https://lists.debian.org/debian-lts-announce/2018/01/msg00031.html
ntap-20180423-0003 https://security.netapp.com/advisory/ntap-20180423-0003/
releasenotes.html https://www.openssh.com/releasenotes.html
RHSA-2017:2029 https://access.redhat.com/errata/RHSA-2017:2029
ssa-676336.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://blog.swiecki.net/2018/01/fuzzing-tcp-servers.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:50:42Z/ Found at http://blog.swiecki.net/2018/01/fuzzing-tcp-servers.html
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10708.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://anongit.mindrot.org/openssh.git/commit/?id=28652bca29046f62c7045e933e6b931de1d16737
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:50:42Z/ Found at https://anongit.mindrot.org/openssh.git/commit/?id=28652bca29046f62c7045e933e6b931de1d16737
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:50:42Z/ Found at https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://kc.mcafee.com/corporate/index?page=content&id=SB10284
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:50:42Z/ Found at https://kc.mcafee.com/corporate/index?page=content&id=SB10284
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.debian.org/debian-lts-announce/2018/01/msg00031.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:50:42Z/ Found at https://lists.debian.org/debian-lts-announce/2018/01/msg00031.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:50:42Z/ Found at https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://security.netapp.com/advisory/ntap-20180423-0003/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:50:42Z/ Found at https://security.netapp.com/advisory/ntap-20180423-0003/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://support.f5.com/csp/article/K32485746?utm_source=f5support&amp%3Butm_medium=RSS
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:50:42Z/ Found at https://support.f5.com/csp/article/K32485746?utm_source=f5support&amp%3Butm_medium=RSS
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://usn.ubuntu.com/3809-1/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:50:42Z/ Found at https://usn.ubuntu.com/3809-1/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://www.openssh.com/releasenotes.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:50:42Z/ Found at https://www.openssh.com/releasenotes.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://www.securityfocus.com/bid/102780
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:50:42Z/ Found at http://www.securityfocus.com/bid/102780
Exploit Prediction Scoring System (EPSS)
Percentile 0.87132
EPSS Score 0.0312
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-10T18:05:10.586290+00:00 SUSE Severity Score Importer Import https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml 38.6.0