cvelistv5 - CVE-2016-6446

CVE-2016-6446 (GCVE-0-2016-6446)

Vulnerability from cvelistv5

Published

2016-10-27 21:00

Modified

2024-08-06 01:29

Severity ?

CWE

unspecified

Summary

References

URL

	Vendor	Product	Version
	n/a	Cisco Meeting Server 1.8, 1.9, 2.0	Version: Cisco Meeting Server 1.8, 1.9, 2.0

gsd-2016-6446

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2016-6446

Aliases

CVE-2016-6446

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-6446",
    "description": "A vulnerability in Web Bridge for Cisco Meeting Server could allow an unauthenticated, remote attacker to retrieve memory from a connected server. More Information: CSCvb03308. Known Affected Releases: 1.8, 1.9, 2.0.",
    "id": "GSD-2016-6446"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-6446"
      ],
      "details": "A vulnerability in Web Bridge for Cisco Meeting Server could allow an unauthenticated, remote attacker to retrieve memory from a connected server. More Information: CSCvb03308. Known Affected Releases: 1.8, 1.9, 2.0.",
      "id": "GSD-2016-6446",
      "modified": "2023-12-13T01:21:23.363666Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2016-6446",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Cisco Meeting Server 1.8, 1.9, 2.0",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Cisco Meeting Server 1.8, 1.9, 2.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability in Web Bridge for Cisco Meeting Server could allow an unauthenticated, remote attacker to retrieve memory from a connected server. More Information: CSCvb03308. Known Affected Releases: 1.8, 1.9, 2.0."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "unspecified"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "93782",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/93782"
          },
          {
            "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161019-cms1",
            "refsource": "CONFIRM",
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161019-cms1"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:meeting_server:2.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:meeting_server:2.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:meeting_server:1.8_base:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:meeting_server:2.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:meeting_server:2.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:meeting_server:1.9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:meeting_server:1.9.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:meeting_server:2.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:meeting_server:1.8.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-6446"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A vulnerability in Web Bridge for Cisco Meeting Server could allow an unauthenticated, remote attacker to retrieve memory from a connected server. More Information: CSCvb03308. Known Affected Releases: 1.8, 1.9, 2.0."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161019-cms1",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161019-cms1"
            },
            {
              "name": "93782",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/93782"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2016-11-28T20:32Z",
      "publishedDate": "2016-10-27T21:59Z"
    }
  }
}

ghsa-cxgx-fvxg-j7j4

Vulnerability from github

Published

2022-05-17 03:39

Modified

2022-05-17 03:39

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-6446"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-10-27T21:59:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in Web Bridge for Cisco Meeting Server could allow an unauthenticated, remote attacker to retrieve memory from a connected server. More Information: CSCvb03308. Known Affected Releases: 1.8, 1.9, 2.0.",
  "id": "GHSA-cxgx-fvxg-j7j4",
  "modified": "2022-05-17T03:39:25Z",
  "published": "2022-05-17T03:39:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6446"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161019-cms1"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/93782"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

De multiples vulnérabilités ont été corrigées dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	N/A	Cisco ASA versions 9.5(x) antérieures à 9.5(3.1)
Cisco	N/A	Cisco ASA versions 9.6(x) antérieures à 9.6(2.1)
Cisco	N/A	Acano Meeting Server versions 1.8.x antérieures à 1.8.17
Cisco	N/A	Cisco ASA versions 9.4(x) antérieures à 9.4(3.11)
Cisco	N/A	Cisco Firepower System versions 6.1.x antérieures à 6.1.0
Cisco	N/A	Cisco Meeting Server versions antérieures à 2.0.4
Cisco	N/A	Cisco Firepower System versions 6.0.x antérieures à 6.0.1
Cisco	N/A	Cisco Firepower System versions antérieures à 5.4.1.6
Cisco	N/A	Cisco ASA versions 9.3(x) antérieures à 9.3(3.11)
Cisco	N/A	Acano Meeting Server versions 1.9.x antérieures à 1.9.5
Cisco	N/A	Cisco ASA versions antérieures à 9.1(7.11)
Cisco	N/A	Cisco ASA versions 9.2(x) antérieures à 9.2(4.17)

References

Title

Publication Time

var-201610-0294

Vulnerability from variot

A vulnerability in Web Bridge for Cisco Meeting Server could allow an unauthenticated, remote attacker to retrieve memory from a connected server. More Information: CSCvb03308. Known Affected Releases: 1.8, 1.9, 2.0. Vendors have confirmed this vulnerability Bug ID CSCvb03308 It is released as.A third party could read the memory from the connected server. An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. This issue is being tracked by Cisco bug ID CSCvb03308

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201610-0294",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "meeting server",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "cisco",
        "version": "2.0.3"
      },
      {
        "model": "meeting server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "1.8.15"
      },
      {
        "model": "meeting server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "2.0.0"
      },
      {
        "model": "meeting server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "2.0.1"
      },
      {
        "model": "meeting server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "2.0.4"
      },
      {
        "model": "meeting server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "1.9.2"
      },
      {
        "model": "meeting server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "2.0.5"
      },
      {
        "model": "meeting server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "1.8_base"
      },
      {
        "model": "meeting server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "1.9.0"
      },
      {
        "model": "meeting server",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "1.9 (acano server)"
      },
      {
        "model": "meeting server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "1.9.5"
      },
      {
        "model": "meeting server",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "meeting server",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "1.8 (acano server)"
      },
      {
        "model": "meeting server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "1.8.17"
      },
      {
        "model": "meeting server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "93782"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005700"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-578"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6446"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:cisco:meeting_server",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005700"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "93782"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-578"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2016-6446",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2016-6446",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-95266",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2016-6446",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2016-6446",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2016-6446",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201610-578",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-95266",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95266"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005700"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-578"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6446"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability in Web Bridge for Cisco Meeting Server could allow an unauthenticated, remote attacker to retrieve memory from a connected server. More Information: CSCvb03308. Known Affected Releases: 1.8, 1.9, 2.0. Vendors have confirmed this vulnerability Bug ID CSCvb03308 It is released as.A third party could read the memory from the connected server. \nAn attacker can exploit this issue to obtain sensitive information that may aid in further attacks. \nThis issue is being tracked by Cisco bug ID CSCvb03308",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-6446"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005700"
      },
      {
        "db": "BID",
        "id": "93782"
      },
      {
        "db": "VULHUB",
        "id": "VHN-95266"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-6446",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "93782",
        "trust": 2.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005700",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-578",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-95266",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95266"
      },
      {
        "db": "BID",
        "id": "93782"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005700"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-578"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6446"
      }
    ]
  },
  "id": "VAR-201610-0294",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95266"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:45:48.609000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20161019-cms1",
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161019-cms1"
      },
      {
        "title": "Cisco Meeting Server Repair measures for information disclosure vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65022"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005700"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-578"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95266"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005700"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6446"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161019-cms1"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/93782"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6446"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6446"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95266"
      },
      {
        "db": "BID",
        "id": "93782"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005700"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-578"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6446"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-95266"
      },
      {
        "db": "BID",
        "id": "93782"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005700"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-578"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6446"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-10-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-95266"
      },
      {
        "date": "2016-10-19T00:00:00",
        "db": "BID",
        "id": "93782"
      },
      {
        "date": "2016-11-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-005700"
      },
      {
        "date": "2016-10-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201610-578"
      },
      {
        "date": "2016-10-27T21:59:18.390000",
        "db": "NVD",
        "id": "CVE-2016-6446"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-11-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-95266"
      },
      {
        "date": "2016-10-26T01:14:00",
        "db": "BID",
        "id": "93782"
      },
      {
        "date": "2016-11-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-005700"
      },
      {
        "date": "2016-10-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201610-578"
      },
      {
        "date": "2024-11-21T02:56:08.987000",
        "db": "NVD",
        "id": "CVE-2016-6446"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-578"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Meeting Server of  Web Bridge Vulnerabilities in reading memory from connected servers",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005700"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-578"
      }
    ],
    "trust": 0.6
  }
}

cnvd-2016-10251

Vulnerability from cnvd

Title

Cisco Meeting Server信息泄露漏洞

Description

Cisco Meeting Server（前称Acano Conferencing Server）是美国思科（Cisco）公司的一套包含音频、视频的会议服务器软件。 Cisco Meeting Server中存在信息泄露漏洞，攻击者可以利用该漏洞获得敏感信息。

Severity

中

Patch Name

Cisco Meeting Server信息泄露漏洞的补丁

Patch Description

Cisco Meeting Server（前称Acano Conferencing Server）是美国思科（Cisco）公司的一套包含音频、视频的会议服务器软件。 Cisco Meeting Server中存在信息泄露漏洞，攻击者可以利用该漏洞获得敏感信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161019-cms1

Reference

http://www.securityfocus.com/bid/93782

Impacted products

Name
Cisco Meeting Server

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "93782"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-6446"
    }
  },
  "description": "Cisco Meeting Server\uff08\u524d\u79f0Acano Conferencing Server\uff09\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u5957\u5305\u542b\u97f3\u9891\u3001\u89c6\u9891\u7684\u4f1a\u8bae\u670d\u52a1\u5668\u8f6f\u4ef6\u3002 \r\n\r\nCisco Meeting Server\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u5f97\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a \r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161019-cms1",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-10251",
  "openTime": "2016-10-28",
  "patchDescription": "Cisco Meeting Server\uff08\u524d\u79f0Acano Conferencing Server\uff09\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u5957\u5305\u542b\u97f3\u9891\u3001\u89c6\u9891\u7684\u4f1a\u8bae\u670d\u52a1\u5668\u8f6f\u4ef6\u3002 \r\n\r\nCisco Meeting Server\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u5f97\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Meeting Server\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Cisco Meeting Server"
  },
  "referenceLink": "http://www.securityfocus.com/bid/93782",
  "serverity": "\u4e2d",
  "submitTime": "2016-10-24",
  "title": "Cisco Meeting Server\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

fkie_cve-2016-6446

Vulnerability from fkie_nvd

Published

2016-10-27 21:59

Modified

2025-04-12 10:46

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
psirt@cisco.com	http://www.securityfocus.com/bid/93782
psirt@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161019-cms1	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/93782
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161019-cms1	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	meeting_server	1.8.15
cisco	meeting_server	1.8_base
cisco	meeting_server	1.9.0
cisco	meeting_server	1.9.2
cisco	meeting_server	2.0.0
cisco	meeting_server	2.0.1
cisco	meeting_server	2.0.3
cisco	meeting_server	2.0.4
cisco	meeting_server	2.0.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:meeting_server:1.8.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8E4843E-E44A-42E8-B83D-AEFC7A8BCE13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:meeting_server:1.8_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CD09398-8DBF-4467-9BE3-A9297AE247AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:meeting_server:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1691992B-DD39-43CA-BD51-800EEE19F224",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:meeting_server:1.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "53619071-8A6A-4230-BDEF-B0E1461217C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:meeting_server:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C48DC084-1DD2-4878-B1DB-1035CAE3B918",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:meeting_server:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CA9A904-9AB5-4757-ABD1-0F6F933799BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:meeting_server:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FA8A21E-97BA-4326-9F7B-FCBD480134EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:meeting_server:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E6FA3F5-752D-45AB-A8CB-6488F409D933",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:meeting_server:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B80C9BA-07EC-4183-9AAD-3229913C9FD7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in Web Bridge for Cisco Meeting Server could allow an unauthenticated, remote attacker to retrieve memory from a connected server. More Information: CSCvb03308. Known Affected Releases: 1.8, 1.9, 2.0."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en Web Bridge for Cisco Meeting Server podr\u00eda permitir a un atacante remoto no autenticado recuperar memoria de un servidor conectado. M\u00e1s informaci\u00f3n: CSCvb03308. Lanzamientos conocidos afectados: 1.8, 1.9, 2.0."
    }
  ],
  "id": "CVE-2016-6446",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-10-27T21:59:18.390",
  "references": [
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securityfocus.com/bid/93782"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161019-cms1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/93782"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161019-cms1"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2016-6446 (GCVE-0-2016-6446)

Vulnerability from cvelistv5

gsd-2016-6446

Vulnerability from gsd

ghsa-cxgx-fvxg-j7j4

Vulnerability from github

CERTFR-2016-AVI-354

Vulnerability from certfr_avis

Solution

var-201610-0294

Vulnerability from variot

cnvd-2016-10251

Vulnerability from cnvd

fkie_cve-2016-6446

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature