CVE-2016-9207

EPSS 0.81%
Veröffentlicht 14.12.2016 00:59:28
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle psirt@cisco.com
Teams Watchlist Login
Unerledigt Login

A vulnerability in the HTTP traffic server component of Cisco Expressway could allow an unauthenticated, remote attacker to initiate TCP connections to arbitrary hosts. This does not allow for full traffic proxy through the Expressway. Affected Products: This vulnerability affects Cisco Expressway Series Software and Cisco TelePresence Video Communication Server (VCS). More Information: CSCvc10834. Known Affected Releases: X8.7.2 X8.8.3. Known Fixed Releases: X8.9.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Expressway Versionx8.7.2

Cisco ≫ Expressway Versionx8.8.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.81%	0.72

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	3.9	2.5	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
nvd@nist.gov	6.4	10	4.9	AV:N/AC:L/Au:N/C:P/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securityfocus.com/bid/94797

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1037422

Third Party Advisory

VDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-expressway

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2016-9207

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-9207

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-9207

EUVD