CVE-2016-6445
Published on: 10/27/2016 12:00:00 AM UTC
Last Modified on: 03/23/2021 11:27:11 PM UTC
Certain versions of Meeting Server from Cisco contain the following vulnerability:
A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of the Cisco Meeting Server (CMS) before 2.0.6 and Acano Server before 1.8.18 and 1.9.x before 1.9.6 could allow an unauthenticated, remote attacker to masquerade as a legitimate user. This vulnerability is due to the XMPP service incorrectly processing a deprecated authentication scheme. A successful exploit could allow an attacker to access the system as another user.
- CVE-2016-6445 has been assigned by
[email protected] to track the vulnerability - currently rated as - currently rated as CRITICAL severity.
CVSS3 Score: 9.1 - CRITICAL
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
|
---|---|---|---|---|
NETWORK | LOW | NONE | NONE | |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
|
UNCHANGED | HIGH | HIGH | NONE |
CVSS2 Score: 6.4 - MEDIUM
Access Vector ⓘ |
Access Complexity |
Authentication |
---|---|---|
NETWORK | LOW | NONE |
Confidentiality Impact |
Integrity Impact |
Availability Impact |
PARTIAL | PARTIAL | NONE |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
Cisco Meeting Server Client Authentication Bypass Vulnerability | Mitigation Vendor Advisory tools.cisco.com text/html |
![]() |
Cisco Meeting Server XMPP Authentication Flaw Lets Remote Users Bypass Authentication on the Target System - SecurityTracker | www.securitytracker.com text/html |
![]() |
Cisco Meeting Server CVE-2016-6445 Authentication Bypass Vulnerability | cve.report (archive) text/html |
![]() |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Cisco | Meeting Server | 1.8.15 | All | All | All |
Application | Cisco | Meeting Server | 1.8_base | All | All | All |
Application | Cisco | Meeting Server | 1.9.0 | All | All | All |
Application | Cisco | Meeting Server | 1.9.2 | All | All | All |
Application | Cisco | Meeting Server | 2.0.0 | All | All | All |
Application | Cisco | Meeting Server | 2.0.1 | All | All | All |
Application | Cisco | Meeting Server | 2.0.3 | All | All | All |
Application | Cisco | Meeting Server | 2.0.4 | All | All | All |
Application | Cisco | Meeting Server | 2.0.5 | All | All | All |
Application | Cisco | Meeting Server | 1.8.15 | All | All | All |
Application | Cisco | Meeting Server | 1.8_base | All | All | All |
Application | Cisco | Meeting Server | 1.9.0 | All | All | All |
Application | Cisco | Meeting Server | 1.9.2 | All | All | All |
Application | Cisco | Meeting Server | 2.0.0 | All | All | All |
Application | Cisco | Meeting Server | 2.0.1 | All | All | All |
Application | Cisco | Meeting Server | 2.0.3 | All | All | All |
Application | Cisco | Meeting Server | 2.0.4 | All | All | All |
Application | Cisco | Meeting Server | 2.0.5 | All | All | All |
- cpe:2.3:a:cisco:meeting_server:1.8.15:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:meeting_server:1.8_base:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:meeting_server:1.9.0:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:meeting_server:1.9.2:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:meeting_server:2.0.0:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:meeting_server:2.0.1:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:meeting_server:2.0.3:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:meeting_server:2.0.4:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:meeting_server:2.0.5:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:meeting_server:1.8.15:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:meeting_server:1.8_base:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:meeting_server:1.9.0:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:meeting_server:1.9.2:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:meeting_server:2.0.0:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:meeting_server:2.0.1:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:meeting_server:2.0.3:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:meeting_server:2.0.4:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:meeting_server:2.0.5:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE