FKIE_CVE-2016-6447

Vulnerability from fkie_nvd - Published: 2016-11-03 21:59 - Updated: 2025-04-12 10:46
Severity ?
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in Cisco Meeting Server and Meeting App could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. This vulnerability affects the following products: Cisco Meeting Server releases prior to 2.0.1, Acano Server releases prior to 1.8.16 and prior to 1.9.3, Cisco Meeting App releases prior to 1.9.8, Acano Meeting Apps releases prior to 1.8.35. More Information: CSCva75942 CSCvb67878. Known Affected Releases: 1.81.92.0.
References
psirt@cisco.comhttp://www.securityfocus.com/bid/94073
psirt@cisco.comhttp://www.securitytracker.com/id/1037180
psirt@cisco.comhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cmsVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/94073
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1037180
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cmsVendor Advisory
Impacted products
Vendor Product Version
cisco meeting_app 1.8.0
cisco meeting_app 1.9.0
cisco meeting_server 1.8_base
cisco meeting_server 1.9.0
cisco meeting_server 2.0.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:meeting_app:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "246A1F5B-B988-4CAE-A79F-6BA5778A9040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:meeting_app:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "52AA6758-9C2E-4AD5-B1C2-CDCE85EA8344",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:meeting_server:1.8_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CD09398-8DBF-4467-9BE3-A9297AE247AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:meeting_server:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1691992B-DD39-43CA-BD51-800EEE19F224",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:meeting_server:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C48DC084-1DD2-4878-B1DB-1035CAE3B918",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in Cisco Meeting Server and Meeting App could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. This vulnerability affects the following products: Cisco Meeting Server releases prior to 2.0.1, Acano Server releases prior to 1.8.16 and prior to 1.9.3, Cisco Meeting App releases prior to 1.9.8, Acano Meeting Apps releases prior to 1.8.35. More Information: CSCva75942 CSCvb67878. Known Affected Releases: 1.81.92.0."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en Cisco Meeting Server y Meeting App podr\u00eda permitir a un atacante remoto no autenticado ejecutar c\u00f3digo arbitrario en un sistema afectado. Esta vulnerabilidad afecta a los siguientes productos: lanzamientos Cisco Meeting Server anteriores a 2.0.1, lanzamientos Acano Server anteriores a 1.8.16 y anteriores a 1.9.3, lanzamientos Cisco Meeting App anteriores a 1.9.8, lanzamientos Acano Meeting Apps anteriores a 1.8.35. M\u00e1s informaci\u00f3n: CSCva75942 CSCvb67878. Lanzamientos conocidos afectados: 1.81.92.0."
    }
  ],
  "id": "CVE-2016-6447",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-11-03T21:59:04.217",
  "references": [
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securityfocus.com/bid/94073"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id/1037180"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cms"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/94073"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1037180"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cms"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.