VAR-201611-0159
Vulnerability from variot - Updated: 2023-12-18 13:24A vulnerability in Cisco Meeting Server and Meeting App could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. This vulnerability affects the following products: Cisco Meeting Server releases prior to 2.0.1, Acano Server releases prior to 1.8.16 and prior to 1.9.3, Cisco Meeting App releases prior to 1.9.8, Acano Meeting Apps releases prior to 1.8.35. More Information: CSCva75942 CSCvb67878. Known Affected Releases: 1.81.92.0. Vendors have confirmed this vulnerability Bug ID CSCva75942 and CSCvb67878 It is released as.A third party may execute arbitrary code. This issue being tracked by Cisco Bug ID CSCva75942 and CSCvb67878. Cisco Meeting Server (formerly known as Acano Conferencing Server, CMS) and so on are products of Cisco (Cisco). CMS is a set of conference server software including audio and video; Cisco Meeting App is a set of applications for creating, joining and running conference video systems. A buffer overflow vulnerability exists in several Cisco products
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201611-0159",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "meeting app",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "1.9.0"
},
{
"model": "meeting server",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "1.8_base"
},
{
"model": "meeting server",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "2.0.0"
},
{
"model": "meeting app",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "1.8.0"
},
{
"model": "meeting server",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "1.9.0"
},
{
"model": "meeting server",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "(acano server)"
},
{
"model": "meeting application",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "1.8.35"
},
{
"model": "meeting application",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "(acano apps)"
},
{
"model": "meeting server",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "1.9.x (acano server)"
},
{
"model": "meeting server",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "1.9.3"
},
{
"model": "meeting server",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "1.8.16"
},
{
"model": "meeting server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "meeting apps",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "meeting app",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "acano server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.9"
},
{
"model": "acano server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.8"
},
{
"model": "meeting server",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "2.0.1"
},
{
"model": "meeting apps",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "1.8.35"
},
{
"model": "meeting app",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "1.9.8"
},
{
"model": "acano server",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "1.9.3"
},
{
"model": "acano server",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "1.8.16"
}
],
"sources": [
{
"db": "BID",
"id": "94073"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005731"
},
{
"db": "NVD",
"id": "CVE-2016-6447"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-006"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:meeting_server:1.8_base:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:meeting_server:2.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:meeting_app:1.8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:meeting_server:1.9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:meeting_app:1.9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-6447"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "94073"
}
],
"trust": 0.3
},
"cve": "CVE-2016-6447",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-6447",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-95267",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-6447",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-6447",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201611-006",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-95267",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-6447",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95267"
},
{
"db": "VULMON",
"id": "CVE-2016-6447"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005731"
},
{
"db": "NVD",
"id": "CVE-2016-6447"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-006"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in Cisco Meeting Server and Meeting App could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. This vulnerability affects the following products: Cisco Meeting Server releases prior to 2.0.1, Acano Server releases prior to 1.8.16 and prior to 1.9.3, Cisco Meeting App releases prior to 1.9.8, Acano Meeting Apps releases prior to 1.8.35. More Information: CSCva75942 CSCvb67878. Known Affected Releases: 1.81.92.0. Vendors have confirmed this vulnerability Bug ID CSCva75942 and CSCvb67878 It is released as.A third party may execute arbitrary code. \nThis issue being tracked by Cisco Bug ID CSCva75942 and CSCvb67878. Cisco Meeting Server (formerly known as Acano Conferencing Server, CMS) and so on are products of Cisco (Cisco). CMS is a set of conference server software including audio and video; Cisco Meeting App is a set of applications for creating, joining and running conference video systems. A buffer overflow vulnerability exists in several Cisco products",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-6447"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005731"
},
{
"db": "BID",
"id": "94073"
},
{
"db": "VULHUB",
"id": "VHN-95267"
},
{
"db": "VULMON",
"id": "CVE-2016-6447"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-6447",
"trust": 2.9
},
{
"db": "BID",
"id": "94073",
"trust": 1.5
},
{
"db": "SECTRACK",
"id": "1037180",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005731",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201611-006",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-95267",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-6447",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95267"
},
{
"db": "VULMON",
"id": "CVE-2016-6447"
},
{
"db": "BID",
"id": "94073"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005731"
},
{
"db": "NVD",
"id": "CVE-2016-6447"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-006"
}
]
},
"id": "VAR-201611-0159",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-95267"
}
],
"trust": 0.6714285999999999
},
"last_update_date": "2023-12-18T13:24:36.383000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20161102-cms",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161102-cms"
},
{
"title": "Multiple Cisco Product Buffer Overflow Vulnerability Fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=65236"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/cisco-patches-critical-bugs-in-900-series-routers-prime-home-server/121765/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-6447"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005731"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-006"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95267"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005731"
},
{
"db": "NVD",
"id": "CVE-2016-6447"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161102-cms"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/94073"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1037180"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6447"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6447"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://threatpost.com/cisco-patches-critical-bugs-in-900-series-routers-prime-home-server/121765/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95267"
},
{
"db": "VULMON",
"id": "CVE-2016-6447"
},
{
"db": "BID",
"id": "94073"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005731"
},
{
"db": "NVD",
"id": "CVE-2016-6447"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-006"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-95267"
},
{
"db": "VULMON",
"id": "CVE-2016-6447"
},
{
"db": "BID",
"id": "94073"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005731"
},
{
"db": "NVD",
"id": "CVE-2016-6447"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-006"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-03T00:00:00",
"db": "VULHUB",
"id": "VHN-95267"
},
{
"date": "2016-11-03T00:00:00",
"db": "VULMON",
"id": "CVE-2016-6447"
},
{
"date": "2016-11-02T00:00:00",
"db": "BID",
"id": "94073"
},
{
"date": "2016-11-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005731"
},
{
"date": "2016-11-03T21:59:04.217000",
"db": "NVD",
"id": "CVE-2016-6447"
},
{
"date": "2016-11-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-006"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-29T00:00:00",
"db": "VULHUB",
"id": "VHN-95267"
},
{
"date": "2017-07-29T00:00:00",
"db": "VULMON",
"id": "CVE-2016-6447"
},
{
"date": "2016-11-24T01:07:00",
"db": "BID",
"id": "94073"
},
{
"date": "2016-11-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005731"
},
{
"date": "2017-07-29T01:34:18.397000",
"db": "NVD",
"id": "CVE-2016-6447"
},
{
"date": "2016-11-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-006"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-006"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Meeting Server and Meeting Vulnerability to execute arbitrary code in application",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005731"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-006"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…