cvelistv5 - cve-2016-6445

CVE-2016-6445 (GCVE-0-2016-6445)

Vulnerability from cvelistv5 – Published: 2016-10-27 21:00 – Updated: 2024-08-06 01:29

Summary

Severity ?

No CVSS data available.

CWE

unspecified

Assigner

cisco

References

URL

Tags

	http://tools.cisco.com/security/center/content/Ci…	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1037000	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/93517	vdb-entryx_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	Cisco Meeting Server (CMS) before 2.0.6 and Acano Server before 1.8.18 and 1.9.x before 1.9.6	Affected: Cisco Meeting Server (CMS) before 2.0.6 and Acano Server before 1.8.18 and 1.9.x before 1.9.6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:29:20.015Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-msc"
          },
          {
            "name": "1037000",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037000"
          },
          {
            "name": "93517",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93517"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Meeting Server (CMS) before 2.0.6 and Acano Server before 1.8.18 and 1.9.x before 1.9.6",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco Meeting Server (CMS) before 2.0.6 and Acano Server before 1.8.18 and 1.9.x before 1.9.6"
            }
          ]
        }
      ],
      "datePublic": "2016-10-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of the Cisco Meeting Server (CMS) before 2.0.6 and Acano Server before 1.8.18 and 1.9.x before 1.9.6 could allow an unauthenticated, remote attacker to masquerade as a legitimate user. This vulnerability is due to the XMPP service incorrectly processing a deprecated authentication scheme. A successful exploit could allow an attacker to access the system as another user."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "unspecified",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-29T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-msc"
        },
        {
          "name": "1037000",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037000"
        },
        {
          "name": "93517",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93517"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-6445",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Meeting Server (CMS) before 2.0.6 and Acano Server before 1.8.18 and 1.9.x before 1.9.6",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco Meeting Server (CMS) before 2.0.6 and Acano Server before 1.8.18 and 1.9.x before 1.9.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of the Cisco Meeting Server (CMS) before 2.0.6 and Acano Server before 1.8.18 and 1.9.x before 1.9.6 could allow an unauthenticated, remote attacker to masquerade as a legitimate user. This vulnerability is due to the XMPP service incorrectly processing a deprecated authentication scheme. A successful exploit could allow an attacker to access the system as another user."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "unspecified"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-msc",
              "refsource": "CONFIRM",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-msc"
            },
            {
              "name": "1037000",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037000"
            },
            {
              "name": "93517",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93517"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2016-6445",
    "datePublished": "2016-10-27T21:00:00",
    "dateReserved": "2016-07-26T00:00:00",
    "dateUpdated": "2024-08-06T01:29:20.015Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:meeting_server:1.8.15:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B8E4843E-E44A-42E8-B83D-AEFC7A8BCE13\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:meeting_server:1.8_base:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0CD09398-8DBF-4467-9BE3-A9297AE247AB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:meeting_server:1.9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1691992B-DD39-43CA-BD51-800EEE19F224\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:meeting_server:1.9.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"53619071-8A6A-4230-BDEF-B0E1461217C0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:meeting_server:2.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C48DC084-1DD2-4878-B1DB-1035CAE3B918\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:meeting_server:2.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1CA9A904-9AB5-4757-ABD1-0F6F933799BE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:meeting_server:2.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8FA8A21E-97BA-4326-9F7B-FCBD480134EF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:meeting_server:2.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1E6FA3F5-752D-45AB-A8CB-6488F409D933\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:meeting_server:2.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4B80C9BA-07EC-4183-9AAD-3229913C9FD7\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of the Cisco Meeting Server (CMS) before 2.0.6 and Acano Server before 1.8.18 and 1.9.x before 1.9.6 could allow an unauthenticated, remote attacker to masquerade as a legitimate user. This vulnerability is due to the XMPP service incorrectly processing a deprecated authentication scheme. A successful exploit could allow an attacker to access the system as another user.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad en el servicio Extensible Messaging y Presence Protocol (XMPP) del Cisco Meeting Server (CMS) en versiones anteriores a 2.0.6 y Acano Server en versiones anteriores a 1.8.18 y 1.9.x en versiones anteriores a 1.9.6 podr\\u00eda permitir a un atacante remoto no autenticado enmascararse como un usuario leg\\u00edtimo. Esta vulnerabilidad se debe a que el servicio XMPP no procesa correctamente un esquema de autenticaci\\u00f3n en desuso. Una explotaci\\u00f3n exitosa puede permitir a un atacante acceder al sistema como otro usuario.\"}]",
      "id": "CVE-2016-6445",
      "lastModified": "2024-11-21T02:56:08.870",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"baseScore\": 9.1, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.2}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:N\", \"baseScore\": 6.4, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2016-10-27T21:59:17.063",
      "references": "[{\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-msc\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/93517\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://www.securitytracker.com/id/1037000\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-msc\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/93517\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1037000\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-6445\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2016-10-27T21:59:17.063\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of the Cisco Meeting Server (CMS) before 2.0.6 and Acano Server before 1.8.18 and 1.9.x before 1.9.6 could allow an unauthenticated, remote attacker to masquerade as a legitimate user. This vulnerability is due to the XMPP service incorrectly processing a deprecated authentication scheme. A successful exploit could allow an attacker to access the system as another user.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en el servicio Extensible Messaging y Presence Protocol (XMPP) del Cisco Meeting Server (CMS) en versiones anteriores a 2.0.6 y Acano Server en versiones anteriores a 1.8.18 y 1.9.x en versiones anteriores a 1.9.6 podr\u00eda permitir a un atacante remoto no autenticado enmascararse como un usuario leg\u00edtimo. Esta vulnerabilidad se debe a que el servicio XMPP no procesa correctamente un esquema de autenticaci\u00f3n en desuso. Una explotaci\u00f3n exitosa puede permitir a un atacante acceder al sistema como otro usuario.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:N\",\"baseScore\":6.4,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:meeting_server:1.8.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8E4843E-E44A-42E8-B83D-AEFC7A8BCE13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:meeting_server:1.8_base:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0CD09398-8DBF-4467-9BE3-A9297AE247AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:meeting_server:1.9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1691992B-DD39-43CA-BD51-800EEE19F224\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:meeting_server:1.9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"53619071-8A6A-4230-BDEF-B0E1461217C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:meeting_server:2.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C48DC084-1DD2-4878-B1DB-1035CAE3B918\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:meeting_server:2.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1CA9A904-9AB5-4757-ABD1-0F6F933799BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:meeting_server:2.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8FA8A21E-97BA-4326-9F7B-FCBD480134EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:meeting_server:2.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E6FA3F5-752D-45AB-A8CB-6488F409D933\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:meeting_server:2.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B80C9BA-07EC-4183-9AAD-3229913C9FD7\"}]}]}],\"references\":[{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-msc\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/93517\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://www.securitytracker.com/id/1037000\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-msc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/93517\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1037000\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

VAR-201610-0293

Vulnerability from variot - Updated: 2023-12-18 13:39

A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of the Cisco Meeting Server (CMS) before 2.0.6 and Acano Server before 1.8.18 and 1.9.x before 1.9.6 could allow an unauthenticated, remote attacker to masquerade as a legitimate user. This vulnerability is due to the XMPP service incorrectly processing a deprecated authentication scheme. A successful exploit could allow an attacker to access the system as another user. Vendors have confirmed this vulnerability Bug ID CSCvb62741 It is released as.A third party could impersonate a legitimate user. Cisco Meeting Server is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. This issue is tracked by Cisco Bug ID CSCvb62741. The following products are affected affected: Cisco Meeting Server Versions prior to 2.0.6 are vulnerable. Cisco Acano Server Versions prior to 1.8.18 and 1.9.6 are vulnerable

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201610-0293",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "meeting server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "1.8_base"
      },
      {
        "model": "meeting server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "2.0.5"
      },
      {
        "model": "meeting server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "1.8.15"
      },
      {
        "model": "meeting server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "2.0.3"
      },
      {
        "model": "meeting server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "1.9.2"
      },
      {
        "model": "meeting server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "1.9.0"
      },
      {
        "model": "meeting server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "2.0.0"
      },
      {
        "model": "meeting server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "2.0.4"
      },
      {
        "model": "meeting server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "2.0.1"
      },
      {
        "model": "meeting server",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "1.9.x (acano server)"
      },
      {
        "model": "meeting server",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "(acano server)"
      },
      {
        "model": "meeting server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "1.9.6"
      },
      {
        "model": "meeting server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "1.8.18"
      },
      {
        "model": "meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.9.2"
      },
      {
        "model": "meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.9"
      },
      {
        "model": "meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.8.15"
      },
      {
        "model": "meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.8"
      },
      {
        "model": "meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.7.24"
      },
      {
        "model": "meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.7"
      },
      {
        "model": "acano server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.9"
      },
      {
        "model": "acano server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.8"
      },
      {
        "model": "meetings server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0.6"
      },
      {
        "model": "acano server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.9.6"
      },
      {
        "model": "acano server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.8.18"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "93517"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005699"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6445"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-803"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:meeting_server:2.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:meeting_server:2.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:meeting_server:2.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:meeting_server:1.8.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:meeting_server:1.8_base:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:meeting_server:2.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:meeting_server:2.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:meeting_server:1.9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:meeting_server:1.9.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-6445"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "93517"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2016-6445",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.4,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2016-6445",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-95265",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.2,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 9.1,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2016-6445",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-6445",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201610-803",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-95265",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95265"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005699"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6445"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-803"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of the Cisco Meeting Server (CMS) before 2.0.6 and Acano Server before 1.8.18 and 1.9.x before 1.9.6 could allow an unauthenticated, remote attacker to masquerade as a legitimate user. This vulnerability is due to the XMPP service incorrectly processing a deprecated authentication scheme. A successful exploit could allow an attacker to access the system as another user. Vendors have confirmed this vulnerability Bug ID CSCvb62741 It is released as.A third party could impersonate a legitimate user. Cisco Meeting Server is prone to an authentication-bypass vulnerability. \nAn attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. \nThis issue is tracked by Cisco Bug ID CSCvb62741. \nThe following products are affected affected:\nCisco Meeting Server Versions prior to 2.0.6  are vulnerable. \nCisco Acano Server Versions prior to 1.8.18 and 1.9.6 are vulnerable",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-6445"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005699"
      },
      {
        "db": "BID",
        "id": "93517"
      },
      {
        "db": "VULHUB",
        "id": "VHN-95265"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-6445",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "93517",
        "trust": 1.4
      },
      {
        "db": "SECTRACK",
        "id": "1037000",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005699",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-803",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-95265",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95265"
      },
      {
        "db": "BID",
        "id": "93517"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005699"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6445"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-803"
      }
    ]
  },
  "id": "VAR-201610-0293",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95265"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:39:09.297000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20161012-msc",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161012-msc"
      },
      {
        "title": "Cisco Meeting Server Fixes for authentication bypassing vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=65138"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005699"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-803"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95265"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005699"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6445"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161012-msc"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/93517"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1037000"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6445"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6445"
      },
      {
        "trust": 0.3,
        "url": "https://www.acano.com"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95265"
      },
      {
        "db": "BID",
        "id": "93517"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005699"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6445"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-803"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-95265"
      },
      {
        "db": "BID",
        "id": "93517"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005699"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6445"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-803"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-10-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-95265"
      },
      {
        "date": "2016-10-12T00:00:00",
        "db": "BID",
        "id": "93517"
      },
      {
        "date": "2016-11-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-005699"
      },
      {
        "date": "2016-10-27T21:59:17.063000",
        "db": "NVD",
        "id": "CVE-2016-6445"
      },
      {
        "date": "2016-10-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201610-803"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-95265"
      },
      {
        "date": "2016-10-26T02:05:00",
        "db": "BID",
        "id": "93517"
      },
      {
        "date": "2016-11-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-005699"
      },
      {
        "date": "2017-07-30T01:29:13.273000",
        "db": "NVD",
        "id": "CVE-2016-6445"
      },
      {
        "date": "2016-10-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201610-803"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-803"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Meeting Server and  Acano Server of  XMPP Vulnerability to impersonate a legitimate user in the service",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005699"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-803"
      }
    ],
    "trust": 0.6
  }
}

GSD-2016-6445

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-6445

Aliases

CVE-2016-6445

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-6445",
    "description": "A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of the Cisco Meeting Server (CMS) before 2.0.6 and Acano Server before 1.8.18 and 1.9.x before 1.9.6 could allow an unauthenticated, remote attacker to masquerade as a legitimate user. This vulnerability is due to the XMPP service incorrectly processing a deprecated authentication scheme. A successful exploit could allow an attacker to access the system as another user.",
    "id": "GSD-2016-6445"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-6445"
      ],
      "details": "A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of the Cisco Meeting Server (CMS) before 2.0.6 and Acano Server before 1.8.18 and 1.9.x before 1.9.6 could allow an unauthenticated, remote attacker to masquerade as a legitimate user. This vulnerability is due to the XMPP service incorrectly processing a deprecated authentication scheme. A successful exploit could allow an attacker to access the system as another user.",
      "id": "GSD-2016-6445",
      "modified": "2023-12-13T01:21:23.236366Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2016-6445",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Cisco Meeting Server (CMS) before 2.0.6 and Acano Server before 1.8.18 and 1.9.x before 1.9.6",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Cisco Meeting Server (CMS) before 2.0.6 and Acano Server before 1.8.18 and 1.9.x before 1.9.6"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of the Cisco Meeting Server (CMS) before 2.0.6 and Acano Server before 1.8.18 and 1.9.x before 1.9.6 could allow an unauthenticated, remote attacker to masquerade as a legitimate user. This vulnerability is due to the XMPP service incorrectly processing a deprecated authentication scheme. A successful exploit could allow an attacker to access the system as another user."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "unspecified"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-msc",
            "refsource": "CONFIRM",
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-msc"
          },
          {
            "name": "1037000",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1037000"
          },
          {
            "name": "93517",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/93517"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:meeting_server:2.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:meeting_server:2.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:meeting_server:2.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:meeting_server:1.8.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:meeting_server:1.8_base:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:meeting_server:2.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:meeting_server:2.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:meeting_server:1.9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:meeting_server:1.9.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-6445"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of the Cisco Meeting Server (CMS) before 2.0.6 and Acano Server before 1.8.18 and 1.9.x before 1.9.6 could allow an unauthenticated, remote attacker to masquerade as a legitimate user. This vulnerability is due to the XMPP service incorrectly processing a deprecated authentication scheme. A successful exploit could allow an attacker to access the system as another user."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-msc",
              "refsource": "CONFIRM",
              "tags": [
                "Mitigation",
                "Vendor Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-msc"
            },
            {
              "name": "93517",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/93517"
            },
            {
              "name": "1037000",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1037000"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.2
        }
      },
      "lastModifiedDate": "2017-07-30T01:29Z",
      "publishedDate": "2016-10-27T21:59Z"
    }
  }
}

GHSA-GCMR-695P-FX75

Vulnerability from github – Published: 2022-05-17 02:21 – Updated: 2022-05-17 02:21

Details

Severity ?

9.1 (Critical)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-6445"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-10-27T21:59:00Z",
    "severity": "CRITICAL"
  },
  "details": "A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of the Cisco Meeting Server (CMS) before 2.0.6 and Acano Server before 1.8.18 and 1.9.x before 1.9.6 could allow an unauthenticated, remote attacker to masquerade as a legitimate user. This vulnerability is due to the XMPP service incorrectly processing a deprecated authentication scheme. A successful exploit could allow an attacker to access the system as another user.",
  "id": "GHSA-gcmr-695p-fx75",
  "modified": "2022-05-17T02:21:46Z",
  "published": "2022-05-17T02:21:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6445"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-msc"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/93517"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1037000"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CERTFR-2016-AVI-343

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	N/A	Cisco Prime Infrastructure
Cisco	N/A	Cisco Evolved Programmable Network Manager
Cisco	N/A	Cisco Finesse
Cisco	N/A	Acano Server versions antérieures à 1.8.18 et 1.9.6 avec XMPP activé
Cisco	N/A	Cisco cBR-8 Converged Broadband Routers versions 3.17S, 3.17S, 3.18.0S, 3.18.1S, 3.18.0SP
Cisco	Unified Communications Manager	Cisco Unified Communications Manager (CUCM)
Cisco	N/A	Cisco Wide Area Application Services (WAAS)
Cisco	N/A	Cisco Meeting Server versions antérieures à 2.0.6 avec XMPP activé

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-20161012-ucm du 12 octobre 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20161012-waas du 12 octobre 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20161012-cbr-8 du 12 octobre 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20161012-msc du 12 octobre 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20161012-fin du 12 octobre 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20161012-prime du 12 octobre 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20161012-prime du 12 octobre 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20161012-ucm du 12 octobre 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20161012-msc du 12 octobre 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20161012-fin du 12 octobre 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20161012-cbr-8 du 12 octobre 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20161012-waas du 12 octobre 2016	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco Prime Infrastructure",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Evolved Programmable Network Manager",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Finesse",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Acano Server versions ant\u00e9rieures \u00e0 1.8.18 et 1.9.6 avec XMPP activ\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco cBR-8 Converged Broadband Routers versions 3.17S, 3.17S, 3.18.0S, 3.18.1S, 3.18.0SP",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Manager (CUCM)",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Wide Area Application Services (WAAS)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Meeting Server versions ant\u00e9rieures \u00e0 2.0.6 avec XMPP activ\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-6442",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6442"
    },
    {
      "name": "CVE-2016-6443",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6443"
    },
    {
      "name": "CVE-2016-6445",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6445"
    },
    {
      "name": "CVE-2016-6437",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6437"
    },
    {
      "name": "CVE-2016-6438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6438"
    },
    {
      "name": "CVE-2016-6440",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6440"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161012-prime du 12    octobre 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-prime"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161012-ucm du 12    octobre 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-ucm"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161012-msc du 12    octobre 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-msc"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161012-fin du 12    octobre 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-fin"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161012-cbr-8 du 12    octobre 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-cbr-8"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161012-waas du 12    octobre 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-waas"
    }
  ],
  "reference": "CERTFR-2016-AVI-343",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-10-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161012-ucm du 12 octobre 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161012-waas du 12 octobre 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161012-cbr-8 du 12 octobre 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161012-msc du 12 octobre 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161012-fin du 12 octobre 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161012-prime du 12 octobre 2016",
      "url": null
    }
  ]
}

CERTFR-2016-AVI-343

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	N/A	Cisco Prime Infrastructure
Cisco	N/A	Cisco Evolved Programmable Network Manager
Cisco	N/A	Cisco Finesse
Cisco	N/A	Acano Server versions antérieures à 1.8.18 et 1.9.6 avec XMPP activé
Cisco	N/A	Cisco cBR-8 Converged Broadband Routers versions 3.17S, 3.17S, 3.18.0S, 3.18.1S, 3.18.0SP
Cisco	Unified Communications Manager	Cisco Unified Communications Manager (CUCM)
Cisco	N/A	Cisco Wide Area Application Services (WAAS)
Cisco	N/A	Cisco Meeting Server versions antérieures à 2.0.6 avec XMPP activé

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-20161012-ucm du 12 octobre 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20161012-waas du 12 octobre 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20161012-cbr-8 du 12 octobre 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20161012-msc du 12 octobre 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20161012-fin du 12 octobre 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20161012-prime du 12 octobre 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20161012-prime du 12 octobre 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20161012-ucm du 12 octobre 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20161012-msc du 12 octobre 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20161012-fin du 12 octobre 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20161012-cbr-8 du 12 octobre 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20161012-waas du 12 octobre 2016	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco Prime Infrastructure",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Evolved Programmable Network Manager",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Finesse",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Acano Server versions ant\u00e9rieures \u00e0 1.8.18 et 1.9.6 avec XMPP activ\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco cBR-8 Converged Broadband Routers versions 3.17S, 3.17S, 3.18.0S, 3.18.1S, 3.18.0SP",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Manager (CUCM)",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Wide Area Application Services (WAAS)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Meeting Server versions ant\u00e9rieures \u00e0 2.0.6 avec XMPP activ\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-6442",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6442"
    },
    {
      "name": "CVE-2016-6443",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6443"
    },
    {
      "name": "CVE-2016-6445",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6445"
    },
    {
      "name": "CVE-2016-6437",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6437"
    },
    {
      "name": "CVE-2016-6438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6438"
    },
    {
      "name": "CVE-2016-6440",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6440"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161012-prime du 12    octobre 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-prime"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161012-ucm du 12    octobre 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-ucm"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161012-msc du 12    octobre 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-msc"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161012-fin du 12    octobre 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-fin"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161012-cbr-8 du 12    octobre 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-cbr-8"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161012-waas du 12    octobre 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-waas"
    }
  ],
  "reference": "CERTFR-2016-AVI-343",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-10-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161012-ucm du 12 octobre 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161012-waas du 12 octobre 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161012-cbr-8 du 12 octobre 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161012-msc du 12 octobre 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161012-fin du 12 octobre 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161012-prime du 12 octobre 2016",
      "url": null
    }
  ]
}

CNVD-2016-09470

Vulnerability from cnvd - Published: 2016-10-19

Title

Cisco Meeting Server认证绕过漏洞

Description

Cisco Meeting Server（前称Acano Conferencing Server）是美国思科（Cisco）公司的一套包含音频、视频的会议服务器软件。 Cisco Meeting Server 1.8.18至1.9.6版和2.0.6中基于Web的管理界面中存在认证绕过漏洞，攻击者可利用该漏洞来绕过身份验证机制和执行未经授权的操作，或发起进一步攻击。

Severity

中

Patch Name

Cisco Meeting Server认证绕过漏洞的补丁

Patch Description

Formal description

用户可参考如下厂商提供的安全补丁以修复该漏洞： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-msc

Reference

http://www.securityfocus.com/bid/93517 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-msc

Impacted products

Name
['Cisco Meeting Server >=1.8.18，<=1.9.6', 'Cisco Meeting Server 2.0.6']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "93517"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-6445"
    }
  },
  "description": "Cisco Meeting Server\uff08\u524d\u79f0Acano Conferencing Server\uff09\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u5957\u5305\u542b\u97f3\u9891\u3001\u89c6\u9891\u7684\u4f1a\u8bae\u670d\u52a1\u5668\u8f6f\u4ef6\u3002\r\n\r\nCisco Meeting Server 1.8.18\u81f31.9.6\u7248\u548c2.0.6\u4e2d\u57fa\u4e8eWeb\u7684\u7ba1\u7406\u754c\u9762\u4e2d\u5b58\u5728\u8ba4\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6765\u7ed5\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u673a\u5236\u548c\u6267\u884c\u672a\u7ecf\u6388\u6743\u7684\u64cd\u4f5c\uff0c\u6216\u53d1\u8d77\u8fdb\u4e00\u6b65\u653b\u51fb\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-msc",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-09470",
  "openTime": "2016-10-19",
  "patchDescription": "Cisco Meeting Server\uff08\u524d\u79f0Acano Conferencing Server\uff09\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u5957\u5305\u542b\u97f3\u9891\u3001\u89c6\u9891\u7684\u4f1a\u8bae\u670d\u52a1\u5668\u8f6f\u4ef6\u3002\r\n\r\nCisco Meeting Server 1.8.18\u81f31.9.6\u7248\u548c2.0.6\u4e2d\u57fa\u4e8eWeb\u7684\u7ba1\u7406\u754c\u9762\u4e2d\u5b58\u5728\u8ba4\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6765\u7ed5\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u673a\u5236\u548c\u6267\u884c\u672a\u7ecf\u6388\u6743\u7684\u64cd\u4f5c\uff0c\u6216\u53d1\u8d77\u8fdb\u4e00\u6b65\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Meeting Server\u8ba4\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco Meeting Server \u003e=1.8.18\uff0c\u003c=1.9.6",
      "Cisco Meeting Server 2.0.6"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/93517\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-msc",
  "serverity": "\u4e2d",
  "submitTime": "2016-10-13",
  "title": "Cisco Meeting Server\u8ba4\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e"
}

FKIE_CVE-2016-6445

Vulnerability from fkie_nvd - Published: 2016-10-27 21:59 - Updated: 2025-04-12 10:46

Severity ?

9.1 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Summary

References

URL	Tags
psirt@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-msc	Mitigation, Vendor Advisory
psirt@cisco.com	http://www.securityfocus.com/bid/93517
psirt@cisco.com	http://www.securitytracker.com/id/1037000
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-msc	Mitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/93517
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1037000

Impacted products

Vendor	Product	Version
cisco	meeting_server	1.8.15
cisco	meeting_server	1.8_base
cisco	meeting_server	1.9.0
cisco	meeting_server	1.9.2
cisco	meeting_server	2.0.0
cisco	meeting_server	2.0.1
cisco	meeting_server	2.0.3
cisco	meeting_server	2.0.4
cisco	meeting_server	2.0.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:meeting_server:1.8.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8E4843E-E44A-42E8-B83D-AEFC7A8BCE13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:meeting_server:1.8_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CD09398-8DBF-4467-9BE3-A9297AE247AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:meeting_server:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1691992B-DD39-43CA-BD51-800EEE19F224",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:meeting_server:1.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "53619071-8A6A-4230-BDEF-B0E1461217C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:meeting_server:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C48DC084-1DD2-4878-B1DB-1035CAE3B918",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:meeting_server:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CA9A904-9AB5-4757-ABD1-0F6F933799BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:meeting_server:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FA8A21E-97BA-4326-9F7B-FCBD480134EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:meeting_server:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E6FA3F5-752D-45AB-A8CB-6488F409D933",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:meeting_server:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B80C9BA-07EC-4183-9AAD-3229913C9FD7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of the Cisco Meeting Server (CMS) before 2.0.6 and Acano Server before 1.8.18 and 1.9.x before 1.9.6 could allow an unauthenticated, remote attacker to masquerade as a legitimate user. This vulnerability is due to the XMPP service incorrectly processing a deprecated authentication scheme. A successful exploit could allow an attacker to access the system as another user."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el servicio Extensible Messaging y Presence Protocol (XMPP) del Cisco Meeting Server (CMS) en versiones anteriores a 2.0.6 y Acano Server en versiones anteriores a 1.8.18 y 1.9.x en versiones anteriores a 1.9.6 podr\u00eda permitir a un atacante remoto no autenticado enmascararse como un usuario leg\u00edtimo. Esta vulnerabilidad se debe a que el servicio XMPP no procesa correctamente un esquema de autenticaci\u00f3n en desuso. Una explotaci\u00f3n exitosa puede permitir a un atacante acceder al sistema como otro usuario."
    }
  ],
  "id": "CVE-2016-6445",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 6.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-10-27T21:59:17.063",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-msc"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securityfocus.com/bid/93517"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id/1037000"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-msc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/93517"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1037000"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-6445 (GCVE-0-2016-6445)

VAR-201610-0293

GSD-2016-6445

GHSA-GCMR-695P-FX75

CERTFR-2016-AVI-343

Solution

CERTFR-2016-AVI-343

Solution

CNVD-2016-09470

FKIE_CVE-2016-6445

Tags

Sightings

Nomenclature