CVE-2016-6447

high-risk
Published 2016-11-03

A vulnerability in Cisco Meeting Server and Meeting App could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. This vulnerability affects the following products: Cisco Meeting Server releases prior to 2.0.1, Acano Server releases prior to 1.8.16 and prior to 1.9.3, Cisco Meeting App releases prior to 1.9.8, Acano Meeting Apps releases prior to 1.8.35. More Information: CSCva75942 CSCvb67878. Known Affected Releases: 1.81.92.0.

Do I need to act?

~
7.6% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (5)

Meeting App
Meeting App

Affected Vendors

Cisco

References (6)

http://www.securityfocus.com/bid/94073
http://www.securitytracker.com/id/1037180
Vendor Advisory https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2...
http://www.securityfocus.com/bid/94073
http://www.securitytracker.com/id/1037180
Vendor Advisory https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2...
54
/ 100
high-risk
Severity 32/34 · Critical
Exploitability 10/34 · Low
Exposure 12/34 · Low