CVE-2016-6448
Severity CVSS v4.0:
Pending analysis
Type:
CWE-119
Buffer Errors
Publication date:
03/11/2016
Last modified:
12/04/2025
Description
A vulnerability in the Session Description Protocol (SDP) parser of Cisco Meeting Server could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. This vulnerability affects the following products: Cisco Meeting Server releases prior to Release 2.0.3, Acano Server releases 1.9.x prior to Release 1.9.5, Acano Server releases 1.8.x prior to Release 1.8.17. More Information: CSCva76004. Known Affected Releases: 1.8.x 1.92.0.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:cisco:meeting_server:1.8.15:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:meeting_server:1.8_base:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:meeting_server:1.9.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:meeting_server:1.9.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:meeting_server:2.0.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:meeting_server:2.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:meeting_server:2.0.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:meeting_server:2.0.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:meeting_server:2.0.5:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://www.securityfocus.com/bid/94076
- http://www.securitytracker.com/id/1037181
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cms1
- http://www.securityfocus.com/bid/94076
- http://www.securitytracker.com/id/1037181
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cms1