A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of the Cisco Meeting Server (CMS) before 2.0.6 and Acano Server before 1.8.18 and 1.9.x before 1.9.6 could allow an unauthenticated, remote attacker to masquerade as a legitimate user. This vulnerability is due to the XMPP service incorrectly processing a deprecated authentication scheme. A successful exploit could allow an attacker to access the system as another user.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 02:56
Type | Values Removed | Values Added |
---|---|---|
References | () http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-msc - Mitigation, Vendor Advisory | |
References | () http://www.securityfocus.com/bid/93517 - | |
References | () http://www.securitytracker.com/id/1037000 - |
Information
Published : 2016-10-27 21:59
Updated : 2024-11-21 02:56
NVD link : CVE-2016-6445
Mitre link : CVE-2016-6445
CVE.ORG link : CVE-2016-6445
JSON object : View
Products Affected
cisco
- meeting_server
CWE
CWE-20
Improper Input Validation