PT-2016-6918 · Cisco · Cisco Meeting Server+1

Published: 2016-10-27 · Updated: 2017-07-30 · CVE-2016-6445

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Cisco Meeting Server versions prior to 2.0.6
Acano Server versions prior to 1.8.18
Acano Server versions 1.9.x prior to 1.9.6

Description

The issue arises from the incorrect processing of a deprecated authentication scheme by the Extensible Messaging and Presence Protocol (XMPP) service. This could allow an unauthenticated, remote attacker to masquerade as a legitimate user, potentially gaining access to the system as another user.

Recommendations

For Cisco Meeting Server versions prior to 2.0.6, update to version 2.0.6 or later.
For Acano Server versions prior to 1.8.18, update to version 1.8.18 or later.
For Acano Server versions 1.9.x prior to 1.9.6, update to version 1.9.6 or later.

Fix

RCE

Related Identifiers

CVE-2016-6445

Affected Products

Acano Server
Cisco Meeting Server