PT-2016-7703 · Cisco · Cisco Telepresence Video Communication Server+1

Published

2016-12-14

Updated

2016-12-22

CVE-2016-9207

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Name of the Vulnerable Software and Affected Versions Cisco Expressway Series Software versions prior to X8.9 Cisco TelePresence Video Communication Server (VCS) versions prior to X8.9

Description A vulnerability in the HTTP traffic server component could allow an unauthenticated, remote attacker to initiate TCP connections to arbitrary hosts, although it does not allow for full traffic proxy through the Expressway.

Recommendations For Cisco Expressway Series Software version X8.7.2, update to version X8.9 or later. For Cisco Expressway Series Software version X8.8.3, update to version X8.9 or later. For Cisco TelePresence Video Communication Server (VCS) versions prior to X8.9, update to version X8.9 or later.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-254

Related Identifiers

CVE-2016-9207

Affected Products

Cisco Expressway Series

Cisco Telepresence Video Communication Server

PT-2016-7703 · Cisco · Cisco Telepresence Video Communication Server+1

CVE-2016-9207

Weakness Enumeration

Related Identifiers

Affected Products

References · 5