HomePentest-Tools.com Logo

Cisco Video Communications Server HTTP Traffic Server Security Bypass Vulnerability CVE-2016-9207

Severity
CVSSv3 Score
6.5
Vulnerability description

Cisco TelePresence Video Communication Server is prone to a security bypass vulnerability.

Risk description

The flaw exists due to insufficient access control for TCP traffic passed through the Cisco Expressway. Successful exploitation will allow remote attacker to initiate TCP connections to arbitrary hosts, and enumerate hosts and services of arbitrary hosts, as well as degrade performance through the Cisco Expressway.

Recommendation

Upgrade to Cisco TelePresence Video Communication Server (VCS) X8.9 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Dec 14, 2016
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available