Vulnslist

find the latest Cisco vulnerabilities

Cisco Meeting Server and Meeting App Buffer Underflow Vulnerability

cisco-sa-20161102-cms · High · Published · Updated

A vulnerability in Cisco Meeting Server and Meeting App could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability exists because the software does not perform sufficient boundary checks on user-supplied data. An unauthenticated, remote attacker could exploit this vulnerability by sending crafted IPv6 input to the vulnerable function. A successful exploit could result in an exploitable buffer underflow condition. An attacker could leverage this buffer underflow condition to incorrectly allocate memory and cause a reload of the device or execute arbitrary code with the privileges of the affected application. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cms

Cisco advisory · CSAF JSON

Workarounds

Workarounds that address this vulnerability are not available.

CVEsCVE-2016-6447
Cisco Bug IDsCSCva75942, CSCvb67878
CVSS ScoreBase 7.5
Base 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C
Base 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C
Product Names From Source
Cisco Meeting Server, Cisco Meeting App

Related Products

Product CVE Evidence
Cisco Meeting Server CVE-2016-6447 Cisco OpenVuln
Cisco Meeting App CVE-2016-6447 Cisco OpenVuln