PT-2016-7703 · Cisco · Cisco Telepresence Video Communication Server+1

Publicado

2016-12-14

·

Atualizado

2016-12-22

·

CVE-2016-9207

CVSS v3.1

6.5

Média

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Name of the Vulnerable Software and Affected Versions Cisco Expressway Series Software versions prior to X8.9 Cisco TelePresence Video Communication Server (VCS) versions prior to X8.9
Description A vulnerability in the HTTP traffic server component could allow an unauthenticated, remote attacker to initiate TCP connections to arbitrary hosts, although it does not allow for full traffic proxy through the Expressway.
Recommendations For Cisco Expressway Series Software version X8.7.2, update to version X8.9 or later. For Cisco Expressway Series Software version X8.8.3, update to version X8.9 or later. For Cisco TelePresence Video Communication Server (VCS) versions prior to X8.9, update to version X8.9 or later.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20CWE-254

Identificadores relacionados

CVE-2016-9207

Produtos afetados

Cisco Expressway Series
Cisco Telepresence Video Communication Server