CVE-2016-6445

EPSS 0.77%
Veröffentlicht 27.10.2016 21:59:17
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle psirt@cisco.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of the Cisco Meeting Server (CMS) before 2.0.6 and Acano Server before 1.8.18 and 1.9.x before 1.9.6 could allow an unauthenticated, remote attacker to masquerade as a legitimate user. This vulnerability is due to the XMPP service incorrectly processing a deprecated authentication scheme. A successful exploit could allow an attacker to access the system as another user.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Meeting Server Version1.8.15

Cisco ≫ Meeting Server Version1.8_base

Cisco ≫ Meeting Server Version1.9.0

Cisco ≫ Meeting Server Version1.9.2

Cisco ≫ Meeting Server Version2.0.0

Cisco ≫ Meeting Server Version2.0.1

Cisco ≫ Meeting Server Version2.0.3

Cisco ≫ Meeting Server Version2.0.4

Cisco ≫ Meeting Server Version2.0.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.77%	0.712

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.1	3.9	5.2	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
nvd@nist.gov	6.4	10	4.9	AV:N/AC:L/Au:N/C:P/I:P/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-msc

Vendor Advisory

Mitigation

http://www.securityfocus.com/bid/93517

http://www.securitytracker.com/id/1037000

https://nvd.nist.gov/vuln/detail/CVE-2016-6445

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-6445

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-6445

EUVD