CVE-2016-6447 - OpenCVE

A vulnerability in Cisco Meeting Server and Meeting App could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. This vulnerability affects the following products: Cisco Meeting Server releases prior to 2.0.1, Acano Server releases prior to 1.8.16 and prior to 1.9.3, Cisco Meeting App releases prior to 1.9.8, Acano Meeting Apps releases prior to 1.8.35. More Information: CSCva75942 CSCvb67878. Known Affected Releases: 1.81.92.0.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Meeting App Meeting Server

Configuration 1 [-]

OR	cpe:2.3:a:cisco:meeting_app:1.8.0:::::::*
	cpe:2.3:a:cisco:meeting_app:1.9.0:::::::*
	cpe:2.3:a:cisco:meeting_server:1.8_base:::::::*
	cpe:2.3:a:cisco:meeting_server:1.9.0:::::::*
	cpe:2.3:a:cisco:meeting_server:2.0.0:::::::*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/94073
http://www.securitytracker.com/id/1037180
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cms

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2016-11-03T21:00:00

Updated: 2024-08-06T01:29:20.152Z

Reserved: 2016-07-26T00:00:00

Link: CVE-2016-6447

Vulnrichment

No data.

NVD

Status : Modified

Published: 2016-11-03T21:59:04.217

Modified: 2017-07-29T01:34:18.397

Link: CVE-2016-6447

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Cisco Meeting Server before 2.0.1, Acano Server before 1.9.3, Cisco Meeting App before 1.9.8, Acano Meeting Apps before 1.8.35", "vendor": "n/a", "versions": [{"status": "affected", "version": "Cisco Meeting Server before 2.0.1, Acano Server before 1.9.3, Cisco Meeting App before 1.9.8, Acano Meeting Apps before 1.8.35"}]}], "datePublic": "2016-11-03T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in Cisco Meeting Server and Meeting App could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. This vulnerability affects the following products: Cisco Meeting Server releases prior to 2.0.1, Acano Server releases prior to 1.8.16 and prior to 1.9.3, Cisco Meeting App releases prior to 1.9.8, Acano Meeting Apps releases prior to 1.8.35. More Information: CSCva75942 CSCvb67878. Known Affected Releases: 1.81.92.0."}], "problemTypes": [{"descriptions": [{"description": "unspecified", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T09:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cms"}, {"name": "1037180", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1037180"}, {"name": "94073", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/94073"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2016-6447", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco Meeting Server before 2.0.1, Acano Server before 1.9.3, Cisco Meeting App before 1.9.8, Acano Meeting Apps before 1.8.35", "version": {"version_data": [{"version_value": "Cisco Meeting Server before 2.0.1, Acano Server before 1.9.3, Cisco Meeting App before 1.9.8, Acano Meeting Apps before 1.8.35"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in Cisco Meeting Server and Meeting App could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. This vulnerability affects the following products: Cisco Meeting Server releases prior to 2.0.1, Acano Server releases prior to 1.8.16 and prior to 1.9.3, Cisco Meeting App releases prior to 1.9.8, Acano Meeting Apps releases prior to 1.8.35. More Information: CSCva75942 CSCvb67878. Known Affected Releases: 1.81.92.0."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "unspecified"}]}]}, "references": {"reference_data": [{"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cms", "refsource": "CONFIRM", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cms"}, {"name": "1037180", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037180"}, {"name": "94073", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94073"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T01:29:20.152Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cms"}, {"name": "1037180", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1037180"}, {"name": "94073", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/94073"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2016-6447", "datePublished": "2016-11-03T21:00:00", "dateReserved": "2016-07-26T00:00:00", "dateUpdated": "2024-08-06T01:29:20.152Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:meeting_app:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "246A1F5B-B988-4CAE-A79F-6BA5778A9040", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:meeting_app:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "52AA6758-9C2E-4AD5-B1C2-CDCE85EA8344", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:meeting_server:1.8_base:*:*:*:*:*:*:*", "matchCriteriaId": "0CD09398-8DBF-4467-9BE3-A9297AE247AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:meeting_server:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "1691992B-DD39-43CA-BD51-800EEE19F224", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:meeting_server:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "C48DC084-1DD2-4878-B1DB-1035CAE3B918", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in Cisco Meeting Server and Meeting App could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. This vulnerability affects the following products: Cisco Meeting Server releases prior to 2.0.1, Acano Server releases prior to 1.8.16 and prior to 1.9.3, Cisco Meeting App releases prior to 1.9.8, Acano Meeting Apps releases prior to 1.8.35. More Information: CSCva75942 CSCvb67878. Known Affected Releases: 1.81.92.0."}, {"lang": "es", "value": "Una vulnerabilidad en Cisco Meeting Server y Meeting App podr\u00eda permitir a un atacante remoto no autenticado ejecutar c\u00f3digo arbitrario en un sistema afectado. Esta vulnerabilidad afecta a los siguientes productos: lanzamientos Cisco Meeting Server anteriores a 2.0.1, lanzamientos Acano Server anteriores a 1.8.16 y anteriores a 1.9.3, lanzamientos Cisco Meeting App anteriores a 1.9.8, lanzamientos Acano Meeting Apps anteriores a 1.8.35. M\u00e1s informaci\u00f3n: CSCva75942 CSCvb67878. Lanzamientos conocidos afectados: 1.81.92.0."}], "id": "CVE-2016-6447", "lastModified": "2017-07-29T01:34:18.397", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-11-03T21:59:04.217", "references": [{"source": "ykramarz@cisco.com", "url": "http://www.securityfocus.com/bid/94073"}, {"source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id/1037180"}, {"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cms"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}