CVE-2016-10157 Akamai CVE debrief

Who should care

Administrators and security teams responsible for systems running Akamai NetSession 1.9.3.1, endpoint hardening teams, and responders investigating unexpected DLL load behavior in Akamai processes.

Technical summary

NVD records the vulnerable CPE as akamai:netsession:1.9.3.1 and assigns a Critical CVSS 3.0 score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). The issue is described as Akamai NetSession loading CSUNSAPI.dll without a fully qualified path, while the DLL is absent from the installation. In practice, that creates a DLL hijacking opportunity. NVD maps the weakness to CWE-94, though the behavior is commonly discussed as a DLL search-order hijack.

Defensive priority

Critical. Remove or update affected NetSession installations as soon as possible, and treat any unexpected DLL load from the NetSession process as a high-priority investigation.

Recommended defensive actions

• Inventory systems for Akamai NetSession 1.9.3.1 and any remaining installations.
• Upgrade, replace, or uninstall the affected software using vendor-supported remediation if available.
• Apply application control and DLL-loading hardening to reduce the risk of untrusted DLLs loading into trusted processes.
• Monitor for CSUNSAPI.dll or similarly named DLLs in writable search locations and for unusual NetSession process behavior.
• Investigate endpoints for suspicious code execution or persistence associated with the NetSession process.

Evidence notes

The CVE description and NVD record both state that Akamai NetSession 1.9.3.1 loads CSUNSAPI.dll without a full path and that the DLL is missing from the installation, enabling hijacking and code injection into the process space. NVD lists a vulnerable CPE for akamai:netsession:1.9.3.1, assigns CVSS 3.0 9.8, maps the weakness to CWE-94, and cites SecurityFocus BID 95995 plus a Packet Storm third-party advisory.

Official resources