CVE-2016-1444

MEDIUM

Cisco TelePresence VCS/X8.1-8.7 & Expressway X8.1-8.6 - Auth Bypass

Title source: llm
STIX 2.1

Description

The Mobile and Remote Access (MRA) component in Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7 and Expressway X8.1 through X8.6 mishandles certificates, which allows remote attackers to bypass authentication via an arbitrary trusted certificate, aka Bug ID CSCuz64601.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/91669
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1036237

Scores

CVSS v3 6.5
EPSS 0.0120
EPSS Percentile 64.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Details

CWE
CWE-20
Status published
Products (18)
cisco/telepresence_video_communication_server x8.1
cisco/telepresence_video_communication_server x8.1.1
cisco/telepresence_video_communication_server x8.1.2
cisco/telepresence_video_communication_server x8.2
cisco/telepresence_video_communication_server x8.2.1
cisco/telepresence_video_communication_server x8.2.2
cisco/telepresence_video_communication_server x8.5 rc4
cisco/telepresence_video_communication_server x8.5.0
cisco/telepresence_video_communication_server x8.5.1
cisco/telepresence_video_communication_server x8.5.2
... and 8 more
Published Jul 07, 2016
Tracked Since Feb 18, 2026