cvelistv5 - cve-2016-1444

CVE-2016-1444 (GCVE-0-2016-1444)

Vulnerability from cvelistv5 – Published: 2016-07-07 14:00 – Updated: 2024-08-05 22:55

Summary

Severity ?

No CVSS data available.

CWE

Assigner

cisco

References

URL

Tags

	http://tools.cisco.com/security/center/content/Ci…	vendor-advisoryx_refsource_CISCO
	http://www.securityfocus.com/bid/91669	vdb-entryx_refsource_BID
	http://www.securitytracker.com/id/1036237	vdb-entryx_refsource_SECTRACK

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:55:14.589Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20160706 Cisco Video Communication Server and Expressway Trusted Certificate Authentication Bypass Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160706-vcs"
          },
          {
            "name": "91669",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91669"
          },
          {
            "name": "1036237",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036237"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-07-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Mobile and Remote Access (MRA) component in Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7 and Expressway X8.1 through X8.6 mishandles certificates, which allows remote attackers to bypass authentication via an arbitrary trusted certificate, aka Bug ID CSCuz64601."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-31T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20160706 Cisco Video Communication Server and Expressway Trusted Certificate Authentication Bypass Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160706-vcs"
        },
        {
          "name": "91669",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/91669"
        },
        {
          "name": "1036237",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036237"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-1444",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Mobile and Remote Access (MRA) component in Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7 and Expressway X8.1 through X8.6 mishandles certificates, which allows remote attackers to bypass authentication via an arbitrary trusted certificate, aka Bug ID CSCuz64601."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20160706 Cisco Video Communication Server and Expressway Trusted Certificate Authentication Bypass Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160706-vcs"
            },
            {
              "name": "91669",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/91669"
            },
            {
              "name": "1036237",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036237"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2016-1444",
    "datePublished": "2016-07-07T14:00:00",
    "dateReserved": "2016-01-04T00:00:00",
    "dateUpdated": "2024-08-05T22:55:14.589Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"935A6CEE-3860-4D6F-A09F-3852ACE2A6C8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4D72830A-472E-4634-BDE8-B0210DFA88B5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"920FE47B-5E1C-4EC3-92C1-D173468CB6C2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AE36B64A-8826-4B79-ABC3-867325CEDC57\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8FB9EE33-F267-4CC2-8FDA-724235EE5077\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"68882242-65D5-452C-B84C-666C13627A4B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5:rc4:*:*:*:*:*:*\", \"matchCriteriaId\": \"BD2525F4-19BE-4865-949D-467022385A39\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F2340556-9735-40A8-B57D-C27A16F3B45A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FABB3CEE-81DB-49FB-8C00-913AFAF9B617\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9B49F452-C359-41B2-8A7F-79FE034015FD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"074E887D-3234-415A-A339-D74BDE003F83\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B99CF9AE-32DE-483A-B0E3-437384E64427\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.6.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8C16F599-AB82-4609-AADD-BE8D40984DB8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BD644623-840C-424C-82EE-20FC01A9E56E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.5.1:*:*:*:expressway:*:*:*\", \"matchCriteriaId\": \"E66073CB-E4BF-458F-B645-5EFA5FB3067D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.5.2:*:*:*:expressway:*:*:*\", \"matchCriteriaId\": \"E549E37F-3D1A-490B-8BEE-482D082486EA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.5.3:*:*:*:expressway:*:*:*\", \"matchCriteriaId\": \"1BB58937-A990-48B1-89E4-6C0EDADC84E9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.6:*:*:*:expressway:*:*:*\", \"matchCriteriaId\": \"D44B9E1D-623E-4C76-B4DD-5BEACEFF9154\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The Mobile and Remote Access (MRA) component in Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7 and Expressway X8.1 through X8.6 mishandles certificates, which allows remote attackers to bypass authentication via an arbitrary trusted certificate, aka Bug ID CSCuz64601.\"}, {\"lang\": \"es\", \"value\": \"El componente Mobile and Remote Access (MRA) en Cisco TelePresence Video Communication Server (VCS) X8.1 hasta la versi\\u00f3n X8.7 y Expressway X8.1 hasta la versi\\u00f3n X8.6 no maneja correctamente los certificados, lo que permite a atacantes remotos eludir la autenticaci\\u00f3n a trav\\u00e9s de un certificado confiable manipulado, tambi\\u00e9n conocido como Bug ID CSCuz64601.\"}]",
      "id": "CVE-2016-1444",
      "lastModified": "2024-11-21T02:46:27.317",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 2.5}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:N\", \"baseScore\": 5.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2016-07-07T14:59:05.970",
      "references": "[{\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160706-vcs\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/91669\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1036237\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160706-vcs\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/91669\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1036237\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-1444\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2016-07-07T14:59:05.970\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Mobile and Remote Access (MRA) component in Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7 and Expressway X8.1 through X8.6 mishandles certificates, which allows remote attackers to bypass authentication via an arbitrary trusted certificate, aka Bug ID CSCuz64601.\"},{\"lang\":\"es\",\"value\":\"El componente Mobile and Remote Access (MRA) en Cisco TelePresence Video Communication Server (VCS) X8.1 hasta la versi\u00f3n X8.7 y Expressway X8.1 hasta la versi\u00f3n X8.6 no maneja correctamente los certificados, lo que permite a atacantes remotos eludir la autenticaci\u00f3n a trav\u00e9s de un certificado confiable manipulado, tambi\u00e9n conocido como Bug ID CSCuz64601.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":2.5}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:N\",\"baseScore\":5.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"935A6CEE-3860-4D6F-A09F-3852ACE2A6C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D72830A-472E-4634-BDE8-B0210DFA88B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"920FE47B-5E1C-4EC3-92C1-D173468CB6C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE36B64A-8826-4B79-ABC3-867325CEDC57\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8FB9EE33-F267-4CC2-8FDA-724235EE5077\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"68882242-65D5-452C-B84C-666C13627A4B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD2525F4-19BE-4865-949D-467022385A39\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2340556-9735-40A8-B57D-C27A16F3B45A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FABB3CEE-81DB-49FB-8C00-913AFAF9B617\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B49F452-C359-41B2-8A7F-79FE034015FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"074E887D-3234-415A-A339-D74BDE003F83\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B99CF9AE-32DE-483A-B0E3-437384E64427\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C16F599-AB82-4609-AADD-BE8D40984DB8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD644623-840C-424C-82EE-20FC01A9E56E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.5.1:*:*:*:expressway:*:*:*\",\"matchCriteriaId\":\"E66073CB-E4BF-458F-B645-5EFA5FB3067D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.5.2:*:*:*:expressway:*:*:*\",\"matchCriteriaId\":\"E549E37F-3D1A-490B-8BEE-482D082486EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.5.3:*:*:*:expressway:*:*:*\",\"matchCriteriaId\":\"1BB58937-A990-48B1-89E4-6C0EDADC84E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.6:*:*:*:expressway:*:*:*\",\"matchCriteriaId\":\"D44B9E1D-623E-4C76-B4DD-5BEACEFF9154\"}]}]}],\"references\":[{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160706-vcs\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/91669\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1036237\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160706-vcs\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/91669\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1036237\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

VAR-201607-0425

Vulnerability from variot - Updated: 2024-02-13 22:54

The Mobile and Remote Access (MRA) component in Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7 and Expressway X8.1 through X8.6 mishandles certificates, which allows remote attackers to bypass authentication via an arbitrary trusted certificate, aka Bug ID CSCuz64601. Vendors have confirmed this vulnerability Bug ID CSCuz64601 It is released as.A third party could bypass authentication through any trusted certificate. A remote attacker can exploit this vulnerability to bypass identity and access internal HTTP system resources. An attacker can exploit this issue to perform man-in-the-middle attacks and perform certain unauthorized actions, which will aid in further attacks. This issue is being tracked by Cisco Bug ID CSCuz64601. The vulnerability is caused by the program not correctly verifying trusted certificates

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201607-0425",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "telepresence video communication server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "x8.6.0"
      },
      {
        "model": "telepresence video communication server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "x8.5.3"
      },
      {
        "model": "telepresence video communication server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "x8.1.2"
      },
      {
        "model": "telepresence video communication server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "x8.5"
      },
      {
        "model": "telepresence video communication server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "x8.1.1"
      },
      {
        "model": "telepresence video communication server software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "x8.5.3"
      },
      {
        "model": "telepresence video communication server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "x8.2.1"
      },
      {
        "model": "telepresence video communication server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "x8.2.2"
      },
      {
        "model": "telepresence video communication server software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "x8.5.2"
      },
      {
        "model": "telepresence video communication server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "x8.5.1"
      },
      {
        "model": "telepresence video communication server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "x8.7"
      },
      {
        "model": "telepresence video communication server software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "x8.5.1"
      },
      {
        "model": "telepresence video communication server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "x8.2"
      },
      {
        "model": "telepresence video communication server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "x8.1"
      },
      {
        "model": "telepresence video communication server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "x8.6.1"
      },
      {
        "model": "telepresence video communication server software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "x8.6"
      },
      {
        "model": "telepresence video communication server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "x8.5.0"
      },
      {
        "model": "telepresence video communication server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "x8.5.2"
      },
      {
        "model": "telepresence video communication server software",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "expressway x8.1 to  x8.6"
      },
      {
        "model": "telepresence video communication server software",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "x8.1 to  x8.7"
      },
      {
        "model": "telepresence video communication server",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "x8.1"
      },
      {
        "model": "expressway",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "x8.1"
      },
      {
        "model": "telepresence video communication server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "x8.1_base"
      },
      {
        "model": "telepresence video communication server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "x8.2_base"
      },
      {
        "model": "telepresence video communication server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-04617"
      },
      {
        "db": "BID",
        "id": "91669"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003511"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-037"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1444"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5:rc4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.5.1:*:*:*:expressway:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.5.2:*:*:*:expressway:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.5.3:*:*:*:expressway:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.6:*:*:*:expressway:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-1444"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "91669"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2016-1444",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2016-1444",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2016-04617",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-90263",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 3.9,
            "impactScore": 2.5,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2016-1444",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-1444",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2016-04617",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201607-037",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-90263",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2016-1444",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-04617"
      },
      {
        "db": "VULHUB",
        "id": "VHN-90263"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-1444"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003511"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-037"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1444"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Mobile and Remote Access (MRA) component in Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7 and Expressway X8.1 through X8.6 mishandles certificates, which allows remote attackers to bypass authentication via an arbitrary trusted certificate, aka Bug ID CSCuz64601. Vendors have confirmed this vulnerability Bug ID CSCuz64601 It is released as.A third party could bypass authentication through any trusted certificate. A remote attacker can exploit this vulnerability to bypass identity and access internal HTTP system resources. \nAn attacker can exploit this issue to perform man-in-the-middle attacks and perform certain unauthorized actions, which will aid in further attacks. \nThis issue is being tracked by Cisco Bug ID CSCuz64601. The vulnerability is caused by the program not correctly verifying trusted certificates",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-1444"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003511"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-04617"
      },
      {
        "db": "BID",
        "id": "91669"
      },
      {
        "db": "VULHUB",
        "id": "VHN-90263"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-1444"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-1444",
        "trust": 3.5
      },
      {
        "db": "BID",
        "id": "91669",
        "trust": 2.7
      },
      {
        "db": "SECTRACK",
        "id": "1036237",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003511",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-037",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-04617",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-90263",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-1444",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-04617"
      },
      {
        "db": "VULHUB",
        "id": "VHN-90263"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-1444"
      },
      {
        "db": "BID",
        "id": "91669"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003511"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-037"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1444"
      }
    ]
  },
  "id": "VAR-201607-0425",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-04617"
      },
      {
        "db": "VULHUB",
        "id": "VHN-90263"
      }
    ],
    "trust": 0.06999999999999999
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-04617"
      }
    ]
  },
  "last_update_date": "2024-02-13T22:54:50.550000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20160706-vcs",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160706-vcs"
      },
      {
        "title": "CiscoVideoCommunicationServer and Expressway Identity Bypass Vulnerability Patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/78714"
      },
      {
        "title": "Cisco Video Communication Server  and Expressway Repair measures for security bypass vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=62629"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-04617"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003511"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-037"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90263"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003511"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1444"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160706-vcs"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/91669"
      },
      {
        "trust": 1.8,
        "url": "http://www.securitytracker.com/id/1036237"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1444"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1444"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/20.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-04617"
      },
      {
        "db": "VULHUB",
        "id": "VHN-90263"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-1444"
      },
      {
        "db": "BID",
        "id": "91669"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003511"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-037"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1444"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-04617"
      },
      {
        "db": "VULHUB",
        "id": "VHN-90263"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-1444"
      },
      {
        "db": "BID",
        "id": "91669"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003511"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-037"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1444"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-07-08T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-04617"
      },
      {
        "date": "2016-07-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-90263"
      },
      {
        "date": "2016-07-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-1444"
      },
      {
        "date": "2016-07-06T00:00:00",
        "db": "BID",
        "id": "91669"
      },
      {
        "date": "2016-07-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-003511"
      },
      {
        "date": "2016-07-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201607-037"
      },
      {
        "date": "2016-07-07T14:59:05.970000",
        "db": "NVD",
        "id": "CVE-2016-1444"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-07-08T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-04617"
      },
      {
        "date": "2020-08-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-90263"
      },
      {
        "date": "2020-08-27T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-1444"
      },
      {
        "date": "2016-07-08T20:38:00",
        "db": "BID",
        "id": "91669"
      },
      {
        "date": "2016-07-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-003511"
      },
      {
        "date": "2020-10-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201607-037"
      },
      {
        "date": "2020-08-27T18:33:07.723000",
        "db": "NVD",
        "id": "CVE-2016-1444"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-037"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco TelePresence Video Communication Server and  Expressway of  Mobile and Remote Access Vulnerabilities that bypass authentication in components",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003511"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Input Validation Error",
    "sources": [
      {
        "db": "BID",
        "id": "91669"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-037"
      }
    ],
    "trust": 0.9
  }
}

GSD-2016-1444

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-1444

Aliases

CVE-2016-1444

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-1444",
    "description": "The Mobile and Remote Access (MRA) component in Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7 and Expressway X8.1 through X8.6 mishandles certificates, which allows remote attackers to bypass authentication via an arbitrary trusted certificate, aka Bug ID CSCuz64601.",
    "id": "GSD-2016-1444"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-1444"
      ],
      "details": "The Mobile and Remote Access (MRA) component in Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7 and Expressway X8.1 through X8.6 mishandles certificates, which allows remote attackers to bypass authentication via an arbitrary trusted certificate, aka Bug ID CSCuz64601.",
      "id": "GSD-2016-1444",
      "modified": "2023-12-13T01:21:24.060932Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2016-1444",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Mobile and Remote Access (MRA) component in Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7 and Expressway X8.1 through X8.6 mishandles certificates, which allows remote attackers to bypass authentication via an arbitrary trusted certificate, aka Bug ID CSCuz64601."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20160706 Cisco Video Communication Server and Expressway Trusted Certificate Authentication Bypass Vulnerability",
            "refsource": "CISCO",
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160706-vcs"
          },
          {
            "name": "91669",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/91669"
          },
          {
            "name": "1036237",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1036237"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5:rc4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.5.1:*:*:*:expressway:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.5.2:*:*:*:expressway:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.5.3:*:*:*:expressway:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.6:*:*:*:expressway:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-1444"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Mobile and Remote Access (MRA) component in Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7 and Expressway X8.1 through X8.6 mishandles certificates, which allows remote attackers to bypass authentication via an arbitrary trusted certificate, aka Bug ID CSCuz64601."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20160706 Cisco Video Communication Server and Expressway Trusted Certificate Authentication Bypass Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160706-vcs"
            },
            {
              "name": "91669",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/91669"
            },
            {
              "name": "1036237",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1036237"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 2.5
        }
      },
      "lastModifiedDate": "2020-08-27T18:33Z",
      "publishedDate": "2016-07-07T14:59Z"
    }
  }
}

GHSA-5855-5X6F-X6W6

Vulnerability from github – Published: 2022-05-13 01:18 – Updated: 2022-05-13 01:18

Details

Severity ?

6.5 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-1444"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-07-07T14:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The Mobile and Remote Access (MRA) component in Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7 and Expressway X8.1 through X8.6 mishandles certificates, which allows remote attackers to bypass authentication via an arbitrary trusted certificate, aka Bug ID CSCuz64601.",
  "id": "GHSA-5855-5x6f-x6w6",
  "modified": "2022-05-13T01:18:00Z",
  "published": "2022-05-13T01:18:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1444"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160706-vcs"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/91669"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1036237"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2016-1444

Vulnerability from fkie_nvd - Published: 2016-07-07 14:59 - Updated: 2025-04-12 10:46

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Summary

References

URL	Tags
psirt@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160706-vcs	Vendor Advisory
psirt@cisco.com	http://www.securityfocus.com/bid/91669	Third Party Advisory, VDB Entry
psirt@cisco.com	http://www.securitytracker.com/id/1036237	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160706-vcs	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/91669	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1036237	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
cisco	telepresence_video_communication_server	x8.1
cisco	telepresence_video_communication_server	x8.1.1
cisco	telepresence_video_communication_server	x8.1.2
cisco	telepresence_video_communication_server	x8.2
cisco	telepresence_video_communication_server	x8.2.1
cisco	telepresence_video_communication_server	x8.2.2
cisco	telepresence_video_communication_server	x8.5
cisco	telepresence_video_communication_server	x8.5.0
cisco	telepresence_video_communication_server	x8.5.1
cisco	telepresence_video_communication_server	x8.5.2
cisco	telepresence_video_communication_server	x8.5.3
cisco	telepresence_video_communication_server	x8.6.0
cisco	telepresence_video_communication_server	x8.6.1
cisco	telepresence_video_communication_server	x8.7
cisco	telepresence_video_communication_server_software	x8.5.1
cisco	telepresence_video_communication_server_software	x8.5.2
cisco	telepresence_video_communication_server_software	x8.5.3
cisco	telepresence_video_communication_server_software	x8.6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "935A6CEE-3860-4D6F-A09F-3852ACE2A6C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D72830A-472E-4634-BDE8-B0210DFA88B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "920FE47B-5E1C-4EC3-92C1-D173468CB6C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE36B64A-8826-4B79-ABC3-867325CEDC57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FB9EE33-F267-4CC2-8FDA-724235EE5077",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "68882242-65D5-452C-B84C-666C13627A4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "BD2525F4-19BE-4865-949D-467022385A39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2340556-9735-40A8-B57D-C27A16F3B45A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FABB3CEE-81DB-49FB-8C00-913AFAF9B617",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B49F452-C359-41B2-8A7F-79FE034015FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "074E887D-3234-415A-A339-D74BDE003F83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B99CF9AE-32DE-483A-B0E3-437384E64427",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C16F599-AB82-4609-AADD-BE8D40984DB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD644623-840C-424C-82EE-20FC01A9E56E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.5.1:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "E66073CB-E4BF-458F-B645-5EFA5FB3067D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.5.2:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "E549E37F-3D1A-490B-8BEE-482D082486EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.5.3:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "1BB58937-A990-48B1-89E4-6C0EDADC84E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.6:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "D44B9E1D-623E-4C76-B4DD-5BEACEFF9154",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Mobile and Remote Access (MRA) component in Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7 and Expressway X8.1 through X8.6 mishandles certificates, which allows remote attackers to bypass authentication via an arbitrary trusted certificate, aka Bug ID CSCuz64601."
    },
    {
      "lang": "es",
      "value": "El componente Mobile and Remote Access (MRA) en Cisco TelePresence Video Communication Server (VCS) X8.1 hasta la versi\u00f3n X8.7 y Expressway X8.1 hasta la versi\u00f3n X8.6 no maneja correctamente los certificados, lo que permite a atacantes remotos eludir la autenticaci\u00f3n a trav\u00e9s de un certificado confiable manipulado, tambi\u00e9n conocido como Bug ID CSCuz64601."
    }
  ],
  "id": "CVE-2016-1444",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-07-07T14:59:05.970",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160706-vcs"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/91669"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1036237"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160706-vcs"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/91669"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1036237"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2016-04617

Vulnerability from cnvd - Published: 2016-07-08

Title

Cisco Video Communication Server和Expressway身份绕过漏洞

Description

Cisco Expressway和Cisco TelePresence Video Communication Server（VCS）都是美国思科（Cisco）公司的网真视频通信服务器，它能够与统一通信和语音通信环境集成，从而为使用各种通信工具的最终用户提供最佳体验。 Cisco Expressway Series和TelePresence VCS X8.1及之后版本的Mobile and Remote Access (MRA)功能的证书管理和验证中存在身份绕过漏洞，该漏洞源于程序未能正确验证可信的证书。远程攻击者可利用该漏洞绕过身份，访问内部HTTP系统资源。

Severity

中

Patch Name

Cisco Video Communication Server和Expressway身份绕过漏洞的补丁

Patch Description

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160706-vcs/

Reference

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160706-vcs

Impacted products

Name
['Cisco TelePresence Video Communication Server (VCS) >=X8.1', 'Cisco Expressway >=X8.1']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "91669"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-1444"
    }
  },
  "description": "Cisco Expressway\u548cCisco TelePresence Video Communication Server\uff08VCS\uff09\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u7f51\u771f\u89c6\u9891\u901a\u4fe1\u670d\u52a1\u5668\uff0c\u5b83\u80fd\u591f\u4e0e\u7edf\u4e00\u901a\u4fe1\u548c\u8bed\u97f3\u901a\u4fe1\u73af\u5883\u96c6\u6210\uff0c\u4ece\u800c\u4e3a\u4f7f\u7528\u5404\u79cd\u901a\u4fe1\u5de5\u5177\u7684\u6700\u7ec8\u7528\u6237\u63d0\u4f9b\u6700\u4f73\u4f53\u9a8c\u3002\r\n\r\nCisco Expressway Series\u548cTelePresence VCS X8.1\u53ca\u4e4b\u540e\u7248\u672c\u7684Mobile and Remote Access (MRA)\u529f\u80fd\u7684\u8bc1\u4e66\u7ba1\u7406\u548c\u9a8c\u8bc1\u4e2d\u5b58\u5728\u8eab\u4efd\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u9a8c\u8bc1\u53ef\u4fe1\u7684\u8bc1\u4e66\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u8eab\u4efd\uff0c\u8bbf\u95ee\u5185\u90e8HTTP\u7cfb\u7edf\u8d44\u6e90\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a \r\nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160706-vcs/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-04617",
  "openTime": "2016-07-08",
  "patchDescription": "Cisco Expressway\u548cCisco TelePresence Video Communication Server\uff08VCS\uff09\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u7f51\u771f\u89c6\u9891\u901a\u4fe1\u670d\u52a1\u5668\uff0c\u5b83\u80fd\u591f\u4e0e\u7edf\u4e00\u901a\u4fe1\u548c\u8bed\u97f3\u901a\u4fe1\u73af\u5883\u96c6\u6210\uff0c\u4ece\u800c\u4e3a\u4f7f\u7528\u5404\u79cd\u901a\u4fe1\u5de5\u5177\u7684\u6700\u7ec8\u7528\u6237\u63d0\u4f9b\u6700\u4f73\u4f53\u9a8c\u3002\r\n\r\nCisco Expressway Series\u548cTelePresence VCS X8.1\u53ca\u4e4b\u540e\u7248\u672c\u7684Mobile and Remote Access (MRA)\u529f\u80fd\u7684\u8bc1\u4e66\u7ba1\u7406\u548c\u9a8c\u8bc1\u4e2d\u5b58\u5728\u8eab\u4efd\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u9a8c\u8bc1\u53ef\u4fe1\u7684\u8bc1\u4e66\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u8eab\u4efd\uff0c\u8bbf\u95ee\u5185\u90e8HTTP\u7cfb\u7edf\u8d44\u6e90\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Video Communication Server\u548cExpressway\u8eab\u4efd\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco TelePresence Video Communication Server (VCS) \u003e=X8.1",
      "Cisco Expressway \u003e=X8.1"
    ]
  },
  "referenceLink": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160706-vcs",
  "serverity": "\u4e2d",
  "submitTime": "2016-07-07",
  "title": "Cisco Video Communication Server\u548cExpressway\u8eab\u4efd\u7ed5\u8fc7\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-1444 (GCVE-0-2016-1444)

VAR-201607-0425

GSD-2016-1444

GHSA-5855-5X6F-X6W6

FKIE_CVE-2016-1444

CNVD-2016-04617

Tags

Sightings

Nomenclature