ID

VAR-201611-0160


CVE

CVE-2016-6448


TITLE

Arbitrary code execution vulnerability in the Session Description Protocol parser of Cisco Meeting Server

Trust: 0.8

sources: JVNDB: JVNDB-2016-005732

DESCRIPTION

A vulnerability in the Session Description Protocol (SDP) parser of Cisco Meeting Server could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. This vulnerability affects the following products: Cisco Meeting Server releases prior to Release 2.0.3, Acano Server releases 1.9.x prior to Release 1.9.5, Acano Server releases 1.8.x prior to Release 1.8.17. More Information: CSCva76004. Known Affected Releases: 1.8.x 1.92.0. The vendor has confirmed this vulnerability and released it as Bug ID CSCva76004. A third party may execute arbitrary code. Cisco Meeting Server is prone to a buffer overflow vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in denial-of-service conditions. This issue is being tracked by Cisco bug ID CSCva76004.

Trust: 2.07

sources: NVD: CVE-2016-6448 // JVNDB: JVNDB-2016-005732 // BID: 94076 // VULHUB: VHN-95268 // VULMON: CVE-2016-6448

AFFECTED PRODUCTS

vendor: cisco | model: meeting server | scope: eq | version: 2.0.1

Trust: 1.9

vendor: cisco | model: meeting server | scope: eq | version: 2.0.3

Trust: 1.6

vendor: cisco | model: meeting server | scope: eq | version: 1.8.15

Trust: 1.6

vendor: cisco | model: meeting server | scope: eq | version: 2.0.0

Trust: 1.6

vendor: cisco | model: meeting server | scope: eq | version: 2.0.4

Trust: 1.6

vendor: cisco | model: meeting server | scope: eq | version: 1.9.2

Trust: 1.6

vendor: cisco | model: meeting server | scope: eq | version: 2.0.5

Trust: 1.6

vendor: cisco | model: meeting server | scope: eq | version: 1.8_base

Trust: 1.6

vendor: cisco | model: meeting server | scope: eq | version: 1.9.0

Trust: 1.6

vendor: cisco | model: meeting server | scope: lt | version: 1.9.x (acano server)

Trust: 0.8

vendor: cisco | model: meeting server | scope: lt | version: 1.8.x (acano server)

Trust: 0.8

vendor: cisco | model: meeting server | scope: eq | version: 1.9.5

Trust: 0.8

vendor: cisco | model: meeting server | scope: eq | version: 1.8.17

Trust: 0.8

vendor: cisco | model: meeting server | scope: eq | version: 2.0.2

Trust: 0.3

vendor: cisco | model: acano server | scope: eq | version: 1.9.3

Trust: 0.3

vendor: cisco | model: acano server | scope: eq | version: 1.8.16

Trust: 0.3

vendor: cisco | model: acano server | scope: eq | version: 1.9

Trust: 0.3

vendor: cisco | model: acano server | scope: eq | version: 1.8

Trust: 0.3

vendor: cisco | model: meeting server | scope: ne | version: 2.0.3

Trust: 0.3

vendor: cisco | model: acano server | scope: ne | version: 1.9.5

Trust: 0.3

vendor: cisco | model: acano server | scope: ne | version: 1.8.17

Trust: 0.3

sources: BID: 94076 // JVNDB: JVNDB-2016-005732 // CNNVD: CNNVD-201611-005 // NVD: CVE-2016-6448

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-6448
value: CRITICAL

Trust: 1.0

NVD: CVE-2016-6448
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201611-005
value: HIGH

Trust: 0.6

VULHUB: VHN-95268
value: HIGH

Trust: 0.1

VULMON: CVE-2016-6448
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-6448
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-95268
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-6448
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-95268 // VULMON: CVE-2016-6448 // JVNDB: JVNDB-2016-005732 // CNNVD: CNNVD-201611-005 // NVD: CVE-2016-6448

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-95268 // JVNDB: JVNDB-2016-005732 // NVD: CVE-2016-6448

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201611-005

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201611-005

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-005732

PATCH

title: cisco-sa-20161102-cms1 | url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cms1

Trust: 0.8

title: Cisco Meeting Server and Acano Server Buffer Overflow Vulnerability Fix | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65235

Trust: 0.6

title: Threatpost | url: https://threatpost.com/cisco-patches-critical-bugs-in-900-series-routers-prime-home-server/121765/

Trust: 0.1

sources: VULMON: CVE-2016-6448 // JVNDB: JVNDB-2016-005732 // CNNVD: CNNVD-201611-005

EXTERNAL IDS

db: NVD | id: CVE-2016-6448

Trust: 2.9

db: BID | id: 94076

Trust: 1.5

db: SECTRACK | id: 1037181

Trust: 1.2

db: JVNDB | id: JVNDB-2016-005732

Trust: 0.8

db: CNNVD | id: CNNVD-201611-005

Trust: 0.7

db: VULHUB | id: VHN-95268

Trust: 0.1

db: VULMON | id: CVE-2016-6448

Trust: 0.1

sources: VULHUB: VHN-95268 // VULMON: CVE-2016-6448 // BID: 94076 // JVNDB: JVNDB-2016-005732 // CNNVD: CNNVD-201611-005 // NVD: CVE-2016-6448

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161102-cms1

Trust: 2.1

url:http://www.securityfocus.com/bid/94076

Trust: 1.2

url:http://www.securitytracker.com/id/1037181

Trust: 1.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6448

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6448

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/119.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://threatpost.com/cisco-patches-critical-bugs-in-900-series-routers-prime-home-server/121765/

Trust: 0.1

sources: VULHUB: VHN-95268 // VULMON: CVE-2016-6448 // BID: 94076 // JVNDB: JVNDB-2016-005732 // CNNVD: CNNVD-201611-005 // NVD: CVE-2016-6448

CREDITS

Cisco

Trust: 0.3

sources: BID: 94076

SOURCES

db: VULHUB | id: VHN-95268
db: VULMON | id: CVE-2016-6448
db: BID | id: 94076
db: JVNDB | id: JVNDB-2016-005732
db: CNNVD | id: CNNVD-201611-005
db: NVD | id: CVE-2016-6448

LAST UPDATE DATE

2025-04-13T23:14:12.444000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-95268 | date: 2017-07-29T00:00:00
db: VULMON | id: CVE-2016-6448 | date: 2017-07-29T00:00:00
db: BID | id: 94076 | date: 2016-11-24T01:07:00
db: JVNDB | id: JVNDB-2016-005732 | date: 2016-11-08T00:00:00
db: CNNVD | id: CNNVD-201611-005 | date: 2016-11-04T00:00:00
db: NVD | id: CVE-2016-6448 | date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: VULHUB | id: VHN-95268 | date: 2016-11-03T00:00:00
db: VULMON | id: CVE-2016-6448 | date: 2016-11-03T00:00:00
db: BID | id: 94076 | date: 2016-11-02T00:00:00
db: JVNDB | id: JVNDB-2016-005732 | date: 2016-11-08T00:00:00
db: CNNVD | id: CNNVD-201611-005 | date: 2016-11-04T00:00:00
db: NVD | id: CVE-2016-6448 | date: 2016-11-03T21:59:05.527