var-201611-0160
Vulnerability from variot
A vulnerability in the Session Description Protocol (SDP) parser of Cisco Meeting Server could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. This vulnerability affects the following products: Cisco Meeting Server releases prior to Release 2.0.3, Acano Server releases 1.9.x prior to Release 1.9.5, Acano Server releases 1.8.x prior to Release 1.8.17. More Information: CSCva76004. Known Affected Releases: 1.8.x 1.92.0. The vendor has confirmed this vulnerability and released it as Bug ID CSCva76004. A third party may execute arbitrary code. Cisco Meeting Server is prone to a buffer overflow vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in denial-of-service conditions. This issue is being tracked by Cisco bug ID CSCva76004.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201611-0160",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "meeting server",
"scope": "eq",
"trust": 1.9,
"vendor": "cisco",
"version": "2.0.1"
},
{
"model": "meeting server",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "2.0.3"
},
{
"model": "meeting server",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "1.8.15"
},
{
"model": "meeting server",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "2.0.0"
},
{
"model": "meeting server",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "2.0.4"
},
{
"model": "meeting server",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "1.9.2"
},
{
"model": "meeting server",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "2.0.5"
},
{
"model": "meeting server",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "1.8_base"
},
{
"model": "meeting server",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "1.9.0"
},
{
"model": "meeting server",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "1.9.x (acano server)"
},
{
"model": "meeting server",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "1.8.x (acano server)"
},
{
"model": "meeting server",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "1.9.5"
},
{
"model": "meeting server",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "1.8.17"
},
{
"model": "meeting server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.0.2"
},
{
"model": "acano server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.9.3"
},
{
"model": "acano server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.8.16"
},
{
"model": "acano server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.9"
},
{
"model": "acano server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.8"
},
{
"model": "meeting server",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "2.0.3"
},
{
"model": "acano server",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "1.9.5"
},
{
"model": "acano server",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "1.8.17"
}
],
"sources": [
{
"db": "BID",
"id": "94076"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005732"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-005"
},
{
"db": "NVD",
"id": "CVE-2016-6448"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:meeting_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005732"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "94076"
}
],
"trust": 0.3
},
"cve": "CVE-2016-6448",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2016-6448",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-95268",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-6448",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-6448",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2016-6448",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201611-005",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-95268",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-6448",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95268"
},
{
"db": "VULMON",
"id": "CVE-2016-6448"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005732"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-005"
},
{
"db": "NVD",
"id": "CVE-2016-6448"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the Session Description Protocol (SDP) parser of Cisco Meeting Server could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. This vulnerability affects the following products: Cisco Meeting Server releases prior to Release 2.0.3, Acano Server releases 1.9.x prior to Release 1.9.5, Acano Server releases 1.8.x prior to Release 1.8.17. More Information: CSCva76004. Known Affected Releases: 1.8.x 1.92.0. Vendors have confirmed this vulnerability Bug ID CSCva76004 It is released as.A third party may execute arbitrary code. Cisco Meeting Server is prone to a buffer overflow vulnerability. \nAn attacker can exploit this issue to execute arbitrary code within the context of affected application. Failed exploit attempts will result in denial-of-service conditions. \nThis issue is being tracked by Cisco bug ID CSCva76004",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-6448"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005732"
},
{
"db": "BID",
"id": "94076"
},
{
"db": "VULHUB",
"id": "VHN-95268"
},
{
"db": "VULMON",
"id": "CVE-2016-6448"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-6448",
"trust": 2.9
},
{
"db": "BID",
"id": "94076",
"trust": 1.5
},
{
"db": "SECTRACK",
"id": "1037181",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005732",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201611-005",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-95268",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-6448",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95268"
},
{
"db": "VULMON",
"id": "CVE-2016-6448"
},
{
"db": "BID",
"id": "94076"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005732"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-005"
},
{
"db": "NVD",
"id": "CVE-2016-6448"
}
]
},
"id": "VAR-201611-0160",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-95268"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:42:24.261000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20161102-cms1",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cms1"
},
{
"title": "Cisco Meeting Server and Acano Server Buffer Overflow Vulnerability Fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65235"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/cisco-patches-critical-bugs-in-900-series-routers-prime-home-server/121765/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-6448"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005732"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-005"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95268"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005732"
},
{
"db": "NVD",
"id": "CVE-2016-6448"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161102-cms1"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/94076"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1037181"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6448"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6448"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://threatpost.com/cisco-patches-critical-bugs-in-900-series-routers-prime-home-server/121765/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95268"
},
{
"db": "VULMON",
"id": "CVE-2016-6448"
},
{
"db": "BID",
"id": "94076"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005732"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-005"
},
{
"db": "NVD",
"id": "CVE-2016-6448"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-95268"
},
{
"db": "VULMON",
"id": "CVE-2016-6448"
},
{
"db": "BID",
"id": "94076"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005732"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-005"
},
{
"db": "NVD",
"id": "CVE-2016-6448"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-03T00:00:00",
"db": "VULHUB",
"id": "VHN-95268"
},
{
"date": "2016-11-03T00:00:00",
"db": "VULMON",
"id": "CVE-2016-6448"
},
{
"date": "2016-11-02T00:00:00",
"db": "BID",
"id": "94076"
},
{
"date": "2016-11-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005732"
},
{
"date": "2016-11-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-005"
},
{
"date": "2016-11-03T21:59:05.527000",
"db": "NVD",
"id": "CVE-2016-6448"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-29T00:00:00",
"db": "VULHUB",
"id": "VHN-95268"
},
{
"date": "2017-07-29T00:00:00",
"db": "VULMON",
"id": "CVE-2016-6448"
},
{
"date": "2016-11-24T01:07:00",
"db": "BID",
"id": "94076"
},
{
"date": "2016-11-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005732"
},
{
"date": "2016-11-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-005"
},
{
"date": "2024-11-21T02:56:09.227000",
"db": "NVD",
"id": "CVE-2016-6448"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-005"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Meeting Server of Session Description Protocol An arbitrary code execution vulnerability in the parser",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005732"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-005"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.