ID
VAR-201611-0159
CVE
CVE-2016-6447
TITLE
Cisco Meeting Server and Meeting Vulnerability to execute arbitrary code in application
Trust: 0.8
DESCRIPTION
A vulnerability in Cisco Meeting Server and Meeting App could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. This vulnerability affects the following products: Cisco Meeting Server releases prior to 2.0.1, Acano Server releases prior to 1.8.16 and prior to 1.9.3, Cisco Meeting App releases prior to 1.9.8, Acano Meeting Apps releases prior to 1.8.35. More Information: CSCva75942 CSCvb67878. Known Affected Releases: 1.81.92.0. Vendors have confirmed this vulnerability Bug ID CSCva75942 and CSCvb67878 It is released as.A third party may execute arbitrary code. This issue being tracked by Cisco Bug ID CSCva75942 and CSCvb67878. Cisco Meeting Server (formerly known as Acano Conferencing Server, CMS) and so on are products of Cisco (Cisco). CMS is a set of conference server software including audio and video; Cisco Meeting App is a set of applications for creating, joining and running conference video systems. A buffer overflow vulnerability exists in several Cisco products
Trust: 2.07
AFFECTED PRODUCTS
| vendor: | cisco | model: | meeting server | scope: | eq | version: | 2.0.0 | Trust: 1.6 |
| vendor: | cisco | model: | meeting app | scope: | eq | version: | 1.8.0 | Trust: 1.6 |
| vendor: | cisco | model: | meeting server | scope: | eq | version: | 1.9.0 | Trust: 1.6 |
| vendor: | cisco | model: | meeting server | scope: | eq | version: | 1.8_base | Trust: 1.6 |
| vendor: | cisco | model: | meeting app | scope: | eq | version: | 1.9.0 | Trust: 1.6 |
| vendor: | cisco | model: | meeting server | scope: | lt | version: | (acano server) | Trust: 0.8 |
| vendor: | cisco | model: | meeting application | scope: | eq | version: | 1.8.35 | Trust: 0.8 |
| vendor: | cisco | model: | meeting application | scope: | lt | version: | (acano apps) | Trust: 0.8 |
| vendor: | cisco | model: | meeting server | scope: | lt | version: | 1.9.x (acano server) | Trust: 0.8 |
| vendor: | cisco | model: | meeting server | scope: | eq | version: | 1.9.3 | Trust: 0.8 |
| vendor: | cisco | model: | meeting server | scope: | eq | version: | 1.8.16 | Trust: 0.8 |
| vendor: | cisco | model: | meeting server | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | cisco | model: | meeting apps | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | cisco | model: | meeting app | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | cisco | model: | acano server | scope: | eq | version: | 1.9 | Trust: 0.3 |
| vendor: | cisco | model: | acano server | scope: | eq | version: | 1.8 | Trust: 0.3 |
| vendor: | cisco | model: | meeting server | scope: | ne | version: | 2.0.1 | Trust: 0.3 |
| vendor: | cisco | model: | meeting apps | scope: | ne | version: | 1.8.35 | Trust: 0.3 |
| vendor: | cisco | model: | meeting app | scope: | ne | version: | 1.9.8 | Trust: 0.3 |
| vendor: | cisco | model: | acano server | scope: | ne | version: | 1.9.3 | Trust: 0.3 |
| vendor: | cisco | model: | acano server | scope: | ne | version: | 1.8.16 | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-119 | Trust: 1.9 |
THREAT TYPE
remote
Trust: 0.6
TYPE
buffer overflow
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | cisco-sa-20161102-cms | url: | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cms | Trust: 0.8 |
| title: | Multiple Cisco Product Buffer Overflow Vulnerability Fix | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65236 | Trust: 0.6 |
| title: | Threatpost | url: | https://threatpost.com/cisco-patches-critical-bugs-in-900-series-routers-prime-home-server/121765/ | Trust: 0.1 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2016-6447 | Trust: 2.9 |
| db: | BID | id: | 94073 | Trust: 1.5 |
| db: | SECTRACK | id: | 1037180 | Trust: 1.2 |
| db: | JVNDB | id: | JVNDB-2016-005731 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201611-006 | Trust: 0.7 |
| db: | VULHUB | id: | VHN-95267 | Trust: 0.1 |
| db: | VULMON | id: | CVE-2016-6447 | Trust: 0.1 |
REFERENCES
| url: | https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161102-cms | Trust: 2.1 |
| url: | http://www.securityfocus.com/bid/94073 | Trust: 1.2 |
| url: | http://www.securitytracker.com/id/1037180 | Trust: 1.2 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6447 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6447 | Trust: 0.8 |
| url: | http://www.cisco.com/ | Trust: 0.3 |
| url: | https://cwe.mitre.org/data/definitions/119.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
| url: | https://threatpost.com/cisco-patches-critical-bugs-in-900-series-routers-prime-home-server/121765/ | Trust: 0.1 |
CREDITS
Cisco
Trust: 0.3
SOURCES
| db: | VULHUB | id: | VHN-95267 |
| db: | VULMON | id: | CVE-2016-6447 |
| db: | BID | id: | 94073 |
| db: | JVNDB | id: | JVNDB-2016-005731 |
| db: | CNNVD | id: | CNNVD-201611-006 |
| db: | NVD | id: | CVE-2016-6447 |
LAST UPDATE DATE
2025-04-13T23:31:24.351000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-95267 | date: | 2017-07-29T00:00:00 |
| db: | VULMON | id: | CVE-2016-6447 | date: | 2017-07-29T00:00:00 |
| db: | BID | id: | 94073 | date: | 2016-11-24T01:07:00 |
| db: | JVNDB | id: | JVNDB-2016-005731 | date: | 2016-11-08T00:00:00 |
| db: | CNNVD | id: | CNNVD-201611-006 | date: | 2016-11-04T00:00:00 |
| db: | NVD | id: | CVE-2016-6447 | date: | 2025-04-12T10:46:40.837 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-95267 | date: | 2016-11-03T00:00:00 |
| db: | VULMON | id: | CVE-2016-6447 | date: | 2016-11-03T00:00:00 |
| db: | BID | id: | 94073 | date: | 2016-11-02T00:00:00 |
| db: | JVNDB | id: | JVNDB-2016-005731 | date: | 2016-11-08T00:00:00 |
| db: | CNNVD | id: | CNNVD-201611-006 | date: | 2016-11-04T00:00:00 |
| db: | NVD | id: | CVE-2016-6447 | date: | 2016-11-03T21:59:04.217 |