{"containers": {"cna": {"affected": [{"product": "Cisco Meeting Server before 2.0.3 and Acano Server before 1.9.5", "vendor": "n/a", "versions": [{"status": "affected", "version": "Cisco Meeting Server before 2.0.3 and Acano Server before 1.9.5"}]}], "datePublic": "2016-11-03T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the Session Description Protocol (SDP) parser of Cisco Meeting Server could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. This vulnerability affects the following products: Cisco Meeting Server releases prior to Release 2.0.3, Acano Server releases 1.9.x prior to Release 1.9.5, Acano Server releases 1.8.x prior to Release 1.8.17. More Information: CSCva76004. Known Affected Releases: 1.8.x 1.92.0."}], "problemTypes": [{"descriptions": [{"description": "unspecified", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T09:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cms1"}, {"name": "1037181", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1037181"}, {"name": "94076", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/94076"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2016-6448", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco Meeting Server before 2.0.3 and Acano Server before 1.9.5", "version": {"version_data": [{"version_value": "Cisco Meeting Server before 2.0.3 and Acano Server before 1.9.5"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the Session Description Protocol (SDP) parser of Cisco Meeting Server could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. This vulnerability affects the following products: Cisco Meeting Server releases prior to Release 2.0.3, Acano Server releases 1.9.x prior to Release 1.9.5, Acano Server releases 1.8.x prior to Release 1.8.17. More Information: CSCva76004. Known Affected Releases: 1.8.x 1.92.0."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "unspecified"}]}]}, "references": {"reference_data": [{"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cms1", "refsource": "CONFIRM", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cms1"}, {"name": "1037181", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037181"}, {"name": "94076", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94076"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T01:29:20.048Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cms1"}, {"name": "1037181", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1037181"}, {"name": "94076", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/94076"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2016-6448", "datePublished": "2016-11-03T21:00:00", "dateReserved": "2016-07-26T00:00:00", "dateUpdated": "2024-08-06T01:29:20.048Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:meeting_server:1.8.15:*:*:*:*:*:*:*", "matchCriteriaId": "B8E4843E-E44A-42E8-B83D-AEFC7A8BCE13", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:meeting_server:1.8_base:*:*:*:*:*:*:*", "matchCriteriaId": "0CD09398-8DBF-4467-9BE3-A9297AE247AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:meeting_server:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "1691992B-DD39-43CA-BD51-800EEE19F224", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:meeting_server:1.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "53619071-8A6A-4230-BDEF-B0E1461217C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:meeting_server:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "C48DC084-1DD2-4878-B1DB-1035CAE3B918", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:meeting_server:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "1CA9A904-9AB5-4757-ABD1-0F6F933799BE", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:meeting_server:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "8FA8A21E-97BA-4326-9F7B-FCBD480134EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:meeting_server:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "1E6FA3F5-752D-45AB-A8CB-6488F409D933", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:meeting_server:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "4B80C9BA-07EC-4183-9AAD-3229913C9FD7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the Session Description Protocol (SDP) parser of Cisco Meeting Server could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. This vulnerability affects the following products: Cisco Meeting Server releases prior to Release 2.0.3, Acano Server releases 1.9.x prior to Release 1.9.5, Acano Server releases 1.8.x prior to Release 1.8.17. More Information: CSCva76004. Known Affected Releases: 1.8.x 1.92.0."}, {"lang": "es", "value": "Una vulnerabilidad en el analizador de Session Description Protocol (SDP) de Cisco Meeting Server podr\u00eda permitir a un atacante remoto no autenticado ejecutar c\u00f3digo arbitrario en un sistema afectado. Esta vulnerabilidad afecta a los siguientes productos: lanzamientos Cisco Meeting Server anteriores a Release 2.0.3, lanzamientos Acano Server 1.9.x anteriores a Release 1.9.5, lanzamientos Acano Server 1.8.x anteriores a Release 1.8.17. M\u00e1s informaci\u00f3n: CSCva76004. Lanzamientos conocidos afectados: 1.8.x 1.92.0."}], "id": "CVE-2016-6448", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-11-03T21:59:05.527", "references": [{"source": "psirt@cisco.com", "url": "http://www.securityfocus.com/bid/94076"}, {"source": "psirt@cisco.com", "url": "http://www.securitytracker.com/id/1037181"}, {"source": "psirt@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cms1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/94076"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1037181"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cms1"}], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}