CVE-2016-6447

Severity Score

9.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A vulnerability in Cisco Meeting Server and Meeting App could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. This vulnerability affects the following products: Cisco Meeting Server releases prior to 2.0.1, Acano Server releases prior to 1.8.16 and prior to 1.9.3, Cisco Meeting App releases prior to 1.9.8, Acano Meeting Apps releases prior to 1.8.35. More Information: CSCva75942 CSCvb67878. Known Affected Releases: 1.81.92.0.

Una vulnerabilidad en Cisco Meeting Server y Meeting App podría permitir a un atacante remoto no autenticado ejecutar código arbitrario en un sistema afectado. Esta vulnerabilidad afecta a los siguientes productos: lanzamientos Cisco Meeting Server anteriores a 2.0.1, lanzamientos Acano Server anteriores a 1.8.16 y anteriores a 1.9.3, lanzamientos Cisco Meeting App anteriores a 1.9.8, lanzamientos Acano Meeting Apps anteriores a 1.8.35. Más información: CSCva75942 CSCvb67878. Lanzamientos conocidos afectados: 1.81.92.0.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2016-07-26 CVE Reserved
2016-11-03 CVE Published
2023-03-07 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CAPEC

References (3)

URL	Tag	Source
http://www.securityfocus.com/bid/94073	Vdb Entry
http://www.securitytracker.com/id/1037180	Vdb Entry

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cms	2017-07-29

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"		Meeting App Search vendor "Cisco" for product "Meeting App"				1.8.0 Search vendor "Cisco" for product "Meeting App" and version "1.8.0"		-		Affected
Cisco Search vendor "Cisco"		Meeting App Search vendor "Cisco" for product "Meeting App"				1.9.0 Search vendor "Cisco" for product "Meeting App" and version "1.9.0"		-		Affected
Cisco Search vendor "Cisco"		Meeting Server Search vendor "Cisco" for product "Meeting Server"				1.8_base Search vendor "Cisco" for product "Meeting Server" and version "1.8_base"		-		Affected
Cisco Search vendor "Cisco"		Meeting Server Search vendor "Cisco" for product "Meeting Server"				1.9.0 Search vendor "Cisco" for product "Meeting Server" and version "1.9.0"		-		Affected
Cisco Search vendor "Cisco"		Meeting Server Search vendor "Cisco" for product "Meeting Server"				2.0.0 Search vendor "Cisco" for product "Meeting Server" and version "2.0.0"		-		Affected