cnvd-2016-10610
Vulnerability from cnvd
Title
Cisco Meeting Server和Meeting App缓冲区溢出漏洞
Description
Cisco Meeting Server(前称Acano Conferencing Server)是美国思科(Cisco)公司的一套包含音频、视频的会议服务器软件。 Cisco Meeting Server、Meeting App未执行用户数据的边界检查存在安全漏洞,可使远程攻击者在受影响系统上执行任意代码。
Severity
Patch Name
Cisco Meeting Server和Meeting App缓冲区溢出漏洞的补丁
Patch Description
Cisco Meeting Server(前称Acano Conferencing Server)是美国思科(Cisco)公司的一套包含音频、视频的会议服务器软件。 Cisco Meeting Server、Meeting App未执行用户数据的边界检查存在安全漏洞,可使远程攻击者在受影响系统上执行任意代码。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description

目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cms

Reference
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cms
Impacted products
Name
['Cisco Meeting Server 2.0.1', 'Cisco Acano Server <1.8.16', 'Cisco Acano Server <1.9.3', 'Cisco Meeting App <1.9.8', 'Cisco Acano Meeting Apps <1.8.35']
Show details on source website

To clipboard 

{
  "bids": {
    "bid": {
      "bidNumber": "94073"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-6447"
    }
  },
  "description": "Cisco Meeting Server\uff08\u524d\u79f0Acano Conferencing Server\uff09\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u5957\u5305\u542b\u97f3\u9891\u3001\u89c6\u9891\u7684\u4f1a\u8bae\u670d\u52a1\u5668\u8f6f\u4ef6\u3002 \r\n\r\nCisco Meeting Server\u3001Meeting App\u672a\u6267\u884c\u7528\u6237\u6570\u636e\u7684\u8fb9\u754c\u68c0\u67e5\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u53ef\u4f7f\u8fdc\u7a0b\u653b\u51fb\u8005\u5728\u53d7\u5f71\u54cd\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a \r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cms",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-10610",
  "openTime": "2016-11-04",
  "patchDescription": "Cisco Meeting Server\uff08\u524d\u79f0Acano Conferencing Server\uff09\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u5957\u5305\u542b\u97f3\u9891\u3001\u89c6\u9891\u7684\u4f1a\u8bae\u670d\u52a1\u5668\u8f6f\u4ef6\u3002 \r\n\r\nCisco Meeting Server\u3001Meeting App\u672a\u6267\u884c\u7528\u6237\u6570\u636e\u7684\u8fb9\u754c\u68c0\u67e5\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u53ef\u4f7f\u8fdc\u7a0b\u653b\u51fb\u8005\u5728\u53d7\u5f71\u54cd\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Meeting Server\u548cMeeting App\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco Meeting Server 2.0.1",
      "Cisco Acano Server \u003c1.8.16",
      "Cisco Acano Server \u003c1.9.3",
      "Cisco Meeting App \u003c1.9.8",
      "Cisco Acano Meeting Apps \u003c1.8.35"
    ]
  },
  "referenceLink": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cms",
  "serverity": "\u9ad8",
  "submitTime": "2016-11-03",
  "title": "Cisco Meeting Server\u548cMeeting App\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.