CVE-2016-1444
MEDIUMCisco TelePresence VCS/X8.1-8.7 & Expressway X8.1-8.6 - Auth Bypass
Title source: llmDescription
The Mobile and Remote Access (MRA) component in Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7 and Expressway X8.1 through X8.6 mishandles certificates, which allows remote attackers to bypass authentication via an arbitrary trusted certificate, aka Bug ID CSCuz64601.
References (3)
Core 3
Core References
Vendor Advisory vendor-advisory
x_refsource_cisco
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160706-vcs
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/91669
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1036237
Scores
CVSS v3
6.5
EPSS
0.0120
EPSS Percentile
64.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Details
CWE
CWE-20
Status
published
Products (18)
cisco/telepresence_video_communication_server
x8.1
cisco/telepresence_video_communication_server
x8.1.1
cisco/telepresence_video_communication_server
x8.1.2
cisco/telepresence_video_communication_server
x8.2
cisco/telepresence_video_communication_server
x8.2.1
cisco/telepresence_video_communication_server
x8.2.2
cisco/telepresence_video_communication_server
x8.5 rc4
cisco/telepresence_video_communication_server
x8.5.0
cisco/telepresence_video_communication_server
x8.5.1
cisco/telepresence_video_communication_server
x8.5.2
... and 8 more
Published
Jul 07, 2016
Tracked Since
Feb 18, 2026