CVE-2016-6447
CRITICALCisco Meeting Server and Meeting App - Remote Code Execution
Title source: llmDescription
A vulnerability in Cisco Meeting Server and Meeting App could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. This vulnerability affects the following products: Cisco Meeting Server releases prior to 2.0.1, Acano Server releases prior to 1.8.16 and prior to 1.9.3, Cisco Meeting App releases prior to 1.9.8, Acano Meeting Apps releases prior to 1.8.35. More Information: CSCva75942 CSCvb67878. Known Affected Releases: 1.81.92.0.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cms
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1037180
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/94073
Scores
CVSS v3
9.8
EPSS
0.0308
EPSS Percentile
86.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-119
Status
published
Products (6)
cisco/meeting_app
1.8.0
cisco/meeting_app
1.9.0
cisco/meeting_server
1.8_base
cisco/meeting_server
1.9.0
cisco/meeting_server
2.0.0
n/a/Cisco Meeting Server before 2.0.1, Acano Server before 1.9.3, Cisco Meeting App before 1.9.8, Acano Meeting Apps before 1.8.35
Cisco Meeting Server before 2.0.1, Acano Server before 1.9.3, Cisco Meeting App before 1.9.8, Acano
Published
Nov 03, 2016
Tracked Since
Feb 18, 2026