PT-2016-1194 · Cisco · Cisco Telepresence Video Communication Server

Published: 2016-02-09 · Updated: 2016-12-06 · CVE-2016-1316

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Cisco TelePresence Video Communication Server (VCS) versions X8.1 through X8.7

Description

The issue is related to the lack of protection for service data, allowing remote attackers to obtain sensitive call-statistics information via a direct request to an unspecified URL. This can be achieved by sending a specially crafted GET request.

Recommendations

For versions X8.1 through X8.7, consider restricting access to the URL that provides call-statistics information until a patch is available. As a temporary workaround, limit the exposure of the Cisco TelePresence Video Communication Server to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure


Weakness Enumeration

Related Identifiers

BDU:2016-00455
CVE-2016-1316

Affected Products

Cisco Telepresence Video Communication Server