CVE-2016-6397

CRITICAL

Cisco IPICS <4.11 - Config Modification

Title source: llm

Description

A vulnerability in the interdevice communications interface of the Cisco IP Interoperability and Collaboration System (IPICS) Universal Media Services (UMS) could allow an unauthenticated, remote attacker to modify configuration parameters of the UMS and cause the system to become unavailable. Affected Products: This vulnerability affects Cisco IPICS releases 4.8(1) to 4.10(1). More Information: CSCva46644. Known Affected Releases: 4.10(1) 4.8(1) 4.8(2) 4.9(1) 4.9(2).

References (2)

[Vendor Advisory] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ipics

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/93913

Scores

CVSS v3 9.8

EPSS 0.0102

EPSS Percentile 77.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-287

Status draft

Affected Products (5)

cisco/ip_interoperability_and_collaboration_system

Timeline

Published Oct 28, 2016

Tracked Since Feb 18, 2026