CVE-2016-9207

MEDIUM

Cisco Expressway - Unauthenticated TCP Connection Initiation via HTTP Traffic Server

Title source: llm
STIX 2.1

Description

A vulnerability in the HTTP traffic server component of Cisco Expressway could allow an unauthenticated, remote attacker to initiate TCP connections to arbitrary hosts. This does not allow for full traffic proxy through the Expressway. Affected Products: This vulnerability affects Cisco Expressway Series Software and Cisco TelePresence Video Communication Server (VCS). More Information: CSCvc10834. Known Affected Releases: X8.7.2 X8.8.3. Known Fixed Releases: X8.9.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/94797
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1037422

Scores

CVSS v3 6.5
EPSS 0.0202
EPSS Percentile 78.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Details

CWE
CWE-20 CWE-254
Status published
Products (3)
cisco/expressway x8.7.2
cisco/expressway x8.8.3
n/a/Cisco Expressway Cisco Expressway
Published Dec 14, 2016
Tracked Since Feb 18, 2026