6.5

CVE-2016-1444

The Mobile and Remote Access (MRA) component in Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7 and Expressway X8.1 through X8.6 mishandles certificates, which allows remote attackers to bypass authentication via an arbitrary trusted certificate, aka Bug ID CSCuz64601.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CiscoTelepresence Video Communication Server Software Versionx8.5.1 SwEditionexpressway
CiscoTelepresence Video Communication Server Software Versionx8.5.2 SwEditionexpressway
CiscoTelepresence Video Communication Server Software Versionx8.5.3 SwEditionexpressway
CiscoTelepresence Video Communication Server Software Versionx8.6 SwEditionexpressway
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.1% 0.289
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 3.9 2.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
nvd@nist.gov 5.8 8.6 4.9
AV:N/AC:M/Au:N/C:P/I:P/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securityfocus.com/bid/91669
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1036237
Third Party Advisory
VDB Entry