CVE-2016-6445
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of the Cisco Meeting Server (CMS) before 2.0.6 and Acano Server before 1.8.18 and 1.9.x before 1.9.6 could allow an unauthenticated, remote attacker to masquerade as a legitimate user. This vulnerability is due to the XMPP service incorrectly processing a deprecated authentication scheme. A successful exploit could allow an attacker to access the system as another user.
Una vulnerabilidad en el servicio Extensible Messaging y Presence Protocol (XMPP) del Cisco Meeting Server (CMS) en versiones anteriores a 2.0.6 y Acano Server en versiones anteriores a 1.8.18 y 1.9.x en versiones anteriores a 1.9.6 podría permitir a un atacante remoto no autenticado enmascararse como un usuario legítimo. Esta vulnerabilidad se debe a que el servicio XMPP no procesa correctamente un esquema de autenticación en desuso. Una explotación exitosa puede permitir a un atacante acceder al sistema como otro usuario.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-07-26 CVE Reserved
- 2016-10-27 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/93517 | Vdb Entry | |
| http://www.securitytracker.com/id/1037000 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-msc | 2017-07-30 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Meeting Server Search vendor "Cisco" for product "Meeting Server" | 1.8.15 Search vendor "Cisco" for product "Meeting Server" and version "1.8.15" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Meeting Server Search vendor "Cisco" for product "Meeting Server" | 1.8_base Search vendor "Cisco" for product "Meeting Server" and version "1.8_base" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Meeting Server Search vendor "Cisco" for product "Meeting Server" | 1.9.0 Search vendor "Cisco" for product "Meeting Server" and version "1.9.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Meeting Server Search vendor "Cisco" for product "Meeting Server" | 1.9.2 Search vendor "Cisco" for product "Meeting Server" and version "1.9.2" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Meeting Server Search vendor "Cisco" for product "Meeting Server" | 2.0.0 Search vendor "Cisco" for product "Meeting Server" and version "2.0.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Meeting Server Search vendor "Cisco" for product "Meeting Server" | 2.0.1 Search vendor "Cisco" for product "Meeting Server" and version "2.0.1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Meeting Server Search vendor "Cisco" for product "Meeting Server" | 2.0.3 Search vendor "Cisco" for product "Meeting Server" and version "2.0.3" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Meeting Server Search vendor "Cisco" for product "Meeting Server" | 2.0.4 Search vendor "Cisco" for product "Meeting Server" and version "2.0.4" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Meeting Server Search vendor "Cisco" for product "Meeting Server" | 2.0.5 Search vendor "Cisco" for product "Meeting Server" and version "2.0.5" | - |
Affected
| ||||||