CVE-2016-1444

MEDIUM

Cisco TelePresence VCS/X8.1-8.7 & Expressway X8.1-8.6 - Auth Bypass

Title source: llm

Description

The Mobile and Remote Access (MRA) component in Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7 and Expressway X8.1 through X8.6 mishandles certificates, which allows remote attackers to bypass authentication via an arbitrary trusted certificate, aka Bug ID CSCuz64601.

References (3)

[Vendor Advisory] http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160706-vcs

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/91669

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1036237

Scores

CVSS v3 6.5

EPSS 0.0010

EPSS Percentile 28.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Classification

CWE

CWE-20

Status draft

Affected Products (18)

cisco/telepresence_video_communication_server

cisco/telepresence_video_communication_server_software

... and 3 more

Timeline

Published Jul 07, 2016

Tracked Since Feb 18, 2026