Details of VAR-201610-0294

ID

VAR-201610-0294

CVE

CVE-2016-6446

TITLE

Cisco Meeting Server of Web Bridge Vulnerabilities in reading memory from connected servers

Trust: 0.8

sources: JVNDB: JVNDB-2016-005700

DESCRIPTION

A vulnerability in Web Bridge for Cisco Meeting Server could allow an unauthenticated, remote attacker to retrieve memory from a connected server. More Information: CSCvb03308. Known Affected Releases: 1.8, 1.9, 2.0. Vendors have confirmed this vulnerability Bug ID CSCvb03308 It is released as.A third party could read the memory from the connected server. An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. This issue is being tracked by Cisco bug ID CSCvb03308

Trust: 1.98

sources: NVD: CVE-2016-6446 // JVNDB: JVNDB-2016-005700 // BID: 93782 // VULHUB: VHN-95266

AFFECTED PRODUCTS

vendor:	cisco	model:	meeting server	scope:	eq	version:	2.0.3	Trust: 2.4
vendor:	cisco	model:	meeting server	scope:	eq	version:	1.8.15	Trust: 1.6
vendor:	cisco	model:	meeting server	scope:	eq	version:	2.0.0	Trust: 1.6
vendor:	cisco	model:	meeting server	scope:	eq	version:	2.0.1	Trust: 1.6
vendor:	cisco	model:	meeting server	scope:	eq	version:	2.0.4	Trust: 1.6
vendor:	cisco	model:	meeting server	scope:	eq	version:	1.9.2	Trust: 1.6
vendor:	cisco	model:	meeting server	scope:	eq	version:	2.0.5	Trust: 1.6
vendor:	cisco	model:	meeting server	scope:	eq	version:	1.8_base	Trust: 1.6
vendor:	cisco	model:	meeting server	scope:	eq	version:	1.9.0	Trust: 1.6
vendor:	cisco	model:	meeting server	scope:	lt	version:	1.9 (acano server)	Trust: 0.8
vendor:	cisco	model:	meeting server	scope:	eq	version:	1.9.5	Trust: 0.8
vendor:	cisco	model:	meeting server	scope:	lt	version:	2.0	Trust: 0.8
vendor:	cisco	model:	meeting server	scope:	lt	version:	1.8 (acano server)	Trust: 0.8
vendor:	cisco	model:	meeting server	scope:	eq	version:	1.8.17	Trust: 0.8
vendor:	cisco	model:	meeting server	scope:	eq	version:	0	Trust: 0.3

sources: BID: 93782 // JVNDB: JVNDB-2016-005700 // CNNVD: CNNVD-201610-578 // NVD: CVE-2016-6446

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-6446
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-6446
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201610-578
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-95266
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-6446
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-95266
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-6446
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-95266 // JVNDB: JVNDB-2016-005700 // CNNVD: CNNVD-201610-578 // NVD: CVE-2016-6446

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-95266 // JVNDB: JVNDB-2016-005700 // NVD: CVE-2016-6446

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201610-578

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201610-578

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-005700

PATCH

title:	cisco-sa-20161019-cms1	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161019-cms1	Trust: 0.8
title:	Cisco Meeting Server Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65022	Trust: 0.6

sources: JVNDB: JVNDB-2016-005700 // CNNVD: CNNVD-201610-578

EXTERNAL IDS

db:	NVD	id:	CVE-2016-6446	Trust: 2.8
db:	BID	id:	93782	Trust: 2.0
db:	JVNDB	id:	JVNDB-2016-005700	Trust: 0.8
db:	CNNVD	id:	CNNVD-201610-578	Trust: 0.7
db:	VULHUB	id:	VHN-95266	Trust: 0.1

sources: VULHUB: VHN-95266 // BID: 93782 // JVNDB: JVNDB-2016-005700 // CNNVD: CNNVD-201610-578 // NVD: CVE-2016-6446

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161019-cms1	Trust: 2.0
url:	http://www.securityfocus.com/bid/93782	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6446	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6446	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-95266 // BID: 93782 // JVNDB: JVNDB-2016-005700 // CNNVD: CNNVD-201610-578 // NVD: CVE-2016-6446

CREDITS

Cisco

Trust: 0.9

sources: BID: 93782 // CNNVD: CNNVD-201610-578

SOURCES

db:	VULHUB	id:	VHN-95266
db:	BID	id:	93782
db:	JVNDB	id:	JVNDB-2016-005700
db:	CNNVD	id:	CNNVD-201610-578
db:	NVD	id:	CVE-2016-6446

LAST UPDATE DATE

2025-04-13T23:02:41.991000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-95266	date:	2016-11-28T00:00:00
db:	BID	id:	93782	date:	2016-10-26T01:14:00
db:	JVNDB	id:	JVNDB-2016-005700	date:	2016-11-04T00:00:00
db:	CNNVD	id:	CNNVD-201610-578	date:	2016-10-28T00:00:00
db:	NVD	id:	CVE-2016-6446	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-95266	date:	2016-10-27T00:00:00
db:	BID	id:	93782	date:	2016-10-19T00:00:00
db:	JVNDB	id:	JVNDB-2016-005700	date:	2016-11-04T00:00:00
db:	CNNVD	id:	CNNVD-201610-578	date:	2016-10-25T00:00:00
db:	NVD	id:	CVE-2016-6446	date:	2016-10-27T21:59:18.390