CVE-2016-6448
CRITICALCisco Meeting Server < 2.0.3 and Acano Server < 1.9.5 - Unauthenticated Remote Code Execution via SDP Parser
Title source: llmDescription
A vulnerability in the Session Description Protocol (SDP) parser of Cisco Meeting Server could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. This vulnerability affects the following products: Cisco Meeting Server releases prior to Release 2.0.3, Acano Server releases 1.9.x prior to Release 1.9.5, Acano Server releases 1.8.x prior to Release 1.8.17. More Information: CSCva76004. Known Affected Releases: 1.8.x 1.92.0.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cms1
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1037181
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/94076
Scores
CVSS v3
9.8
EPSS
0.0398
EPSS Percentile
89.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-119
Status
published
Products (10)
cisco/meeting_server
1.8.15
cisco/meeting_server
1.8_base
cisco/meeting_server
1.9.0
cisco/meeting_server
1.9.2
cisco/meeting_server
2.0.0
cisco/meeting_server
2.0.1
cisco/meeting_server
2.0.3
cisco/meeting_server
2.0.4
cisco/meeting_server
2.0.5
n/a/Cisco Meeting Server before 2.0.3 and Acano Server before 1.9.5
Cisco Meeting Server before 2.0.3 and Acano Server before 1.9.5
Published
Nov 03, 2016
Tracked Since
Feb 18, 2026