[CDP-development] TLP:GREEN (Vulnerability Alert Notification) CVE-2016-7836: SKYSEA Client View Improper Authentication Vulnerability

CSS Security Operations Services * DAS css-soc-services at das.oregon.gov
Tue Oct 14 14:11:55 PDT 2025


Good afternoon,

The SOC Services team is reporting on CVE-2016-7836, the SKYSEA Client View Improper Authentication vulnerability. Due to its high visibility, we are providing this in-depth information:

History: On November 25, 2016, SkySea released a security advisory regarding a vulnerability discovered in their client view software. The vulnerability has been assigned a CVSSv3 score of 9.8 (Critical) by NIST.

Affected versions:

  *   SKYSEA Client View ≤ 11.221.03


Fixed Versions:

  *   SKYSEA Client View Ver.11.300.08h


Intelligence: As of October 14, 2025, CISA has confirmed the vulnerability as being exploited in the wild and has added it to the Known Exploited Vulnerabilities Catalog.

For more information regarding the activity observed by the SkySea Client View team, please see: https://www.jpcert.or.jp/english/at/2016/at160051.html

Exploitability: Low Complexity, Network Exploitability
Exploit Maturity: PoC
Remotely Exploitable: Yes
Proof of Concept Available: Yes
Zero Day: No

Workarounds: Restrict access to the management console via firewall or network segmentation.

How it works: SKYSEA Client View Ver.11.221.03 and earlier allows remote code execution via a flaw in processing authentication on the TCP connection with the management console program.

Post-Exploit: Upon successful exploitation of the vulnerability, an attacker can execute code remotely with system privileges, which could fully compromise managed endpoints and potentially allow lateral movement.

As of October 14, 2025, Tenable has not released any plugins for the vulnerability and has no plugins in the pipeline.

Recommended Actions:


  *   Apply vendor patch and restrict console access to trusted IPs
  *   Monitor for unusual TCP activity on port 18700
  *   Apply the suggestions in the "Workarounds" section.
  *   Verify host has not been compromised before applying patches.
  *   Apply appropriate updates provided by vendor to vulnerable systems immediately after appropriate testing.
  *   Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  *   Apply the Principle of Least Privilege to all systems and services.


Cyber Security Services
State of Oregon Cyber Security Services
Enterprise Information Services | SOC
Cyber Security Services (CSS)
SOC Hotline: (503) 378-5930 | SOC Services (503) 373-0378
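
An added example, not part of the original message: one way to act on the "Monitor for unusual TCP activity on port 18700" and "restrict console access to trusted IPs" recommendations is to flag port-18700 connections whose source is not an approved console address. The log format, IP addresses and allowlist below are constructed assumptions.

```python
import ipaddress
import re

SKYSEA_PORT = 18700  # port named in the advisory's monitoring recommendation

# Assumption: hypothetical management-console addresses allowed to use the port.
TRUSTED_SOURCES = [ipaddress.ip_network("10.20.1.10/32"),
                   ipaddress.ip_network("10.20.1.11/32")]

# Constructed sample log (hypothetical format: time proto src:port -> dst:port action).
SAMPLE_LOG = """\
2025-10-14T14:02:11Z TCP 10.20.1.10:51544 -> 10.20.5.17:18700 ALLOW
2025-10-14T14:02:40Z TCP 203.0.113.45:40112 -> 10.20.5.17:18700 ALLOW
2025-10-14T14:03:02Z TCP 10.20.7.88:49822 -> 10.20.5.23:18700 ALLOW
2025-10-14T14:03:05Z TCP 10.20.7.88:49823 -> 10.20.5.24:18700 DENY
2025-10-14T14:03:09Z TCP 10.20.7.88:49830 -> 10.20.5.24:443 ALLOW
this line is malformed and is skipped
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+TCP\s+(?P<src>[\d.]+):\d+\s+->\s+"
                     r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<action>ALLOW|DENY)$")

def find_untrusted(log_text):
    """Return (ts, src, dst, action) for port-18700 connections from untrusted sources."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or int(m["dport"]) != SKYSEA_PORT:
            continue  # malformed line or a different service
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # not a valid IPv4 address
        if not any(src in net for net in TRUSTED_SOURCES):
            hits.append((m["ts"], str(src), m["dst"], m["action"]))
    return hits

def fanout(hits):
    """Distinct destinations reached per untrusted source; high fan-out merits triage first."""
    seen = {}
    for _, src, dst, _ in hits:
        seen.setdefault(src, set()).add(dst)
    return {src: len(dsts) for src, dsts in seen.items()}

if __name__ == "__main__":
    hits = find_untrusted(SAMPLE_LOG)
    for ts, src, dst, action in hits:
        # ALLOW from an untrusted source also means the firewall restriction is missing.
        print(f"{ts} {src} -> {dst}:{SKYSEA_PORT} {action}")
    print(fanout(hits))
```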

