Lucene search

CiscoCVE-2016-6447

HistoryNov 03, 2016 - 9:59 p.m.

CVE-2016-6447

2016-11-0321:59:04

CWE-119

cisco

web.nvd.nist.gov

cisco

meeting server

meeting app

vulnerability

remote code execution

nvd

cve-2016-6447

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.026

Percentile

90.4%

JSON

A vulnerability in Cisco Meeting Server and Meeting App could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. This vulnerability affects the following products: Cisco Meeting Server releases prior to 2.0.1, Acano Server releases prior to 1.8.16 and prior to 1.9.3, Cisco Meeting App releases prior to 1.9.8, Acano Meeting Apps releases prior to 1.8.35. More Information: CSCva75942 CSCvb67878. Known Affected Releases: 1.81.92.0.

Affected configurations

Nvd

Node

ciscomeeting_appMatch1.8.0

ciscomeeting_appMatch1.9.0

ciscomeeting_serverMatch1.8_base

ciscomeeting_serverMatch1.9.0

ciscomeeting_serverMatch2.0.0

VendorProductVersionCPE
ciscomeeting_app1.8.0cpe:2.3:a:cisco:meeting_app:1.8.0:*:*:*:*:*:*:*
ciscomeeting_app1.9.0cpe:2.3:a:cisco:meeting_app:1.9.0:*:*:*:*:*:*:*
ciscomeeting_server1.8_basecpe:2.3:a:cisco:meeting_server:1.8_base:*:*:*:*:*:*:*
ciscomeeting_server1.9.0cpe:2.3:a:cisco:meeting_server:1.9.0:*:*:*:*:*:*:*
ciscomeeting_server2.0.0cpe:2.3:a:cisco:meeting_server:2.0.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	meeting_app	1.8.0	cpe:2.3:a:cisco:meeting_app:1.8.0:::::::*
cisco	meeting_app	1.9.0	cpe:2.3:a:cisco:meeting_app:1.9.0:::::::*
cisco	meeting_server	1.8_base	cpe:2.3:a:cisco:meeting_server:1.8_base:::::::*
cisco	meeting_server	1.9.0	cpe:2.3:a:cisco:meeting_server:1.9.0:::::::*
cisco	meeting_server	2.0.0	cpe:2.3:a:cisco:meeting_server:2.0.0:::::::*

CNA Affected

[
  {
    "product": "Cisco Meeting Server before 2.0.1, Acano Server before 1.9.3, Cisco Meeting App before 1.9.8, Acano Meeting Apps before 1.8.35",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco Meeting Server before 2.0.1, Acano Server before 1.9.3, Cisco Meeting App before 1.9.8, Acano Meeting Apps before 1.8.35"
      }
    ]
  }
]

References

www.securityfocus.com/bid/94073

www.securitytracker.com/id/1037180

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cms

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.026

Percentile

90.4%

JSON

Related for CVE-2016-6447