cbcvebase.
CVE-2016-6397
published 2016-10-28

CVE-2016-6397: A vulnerability in the interdevice communications interface of the Cisco IP Interoperability and Collaboration System (IPICS) Universal Media Services (UMS)…

PriorityP262critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
2.17%
80.0th percentile
A vulnerability in the interdevice communications interface of the Cisco IP Interoperability and Collaboration System (IPICS) Universal Media Services (UMS) could allow an unauthenticated, remote attacker to modify configuration parameters of the UMS and cause the system to become unavailable. Affected Products: This vulnerability affects Cisco IPICS releases 4.8(1) to 4.10(1). More Information: CSCva46644. Known Affected Releases: 4.10(1) 4.8(1) 4.8(2) 4.9(1) 4.9(2).

Affected

6 ranges
VendorProductVersion rangeFixed in
ciscoip_interoperability_and_collaboration_system
ciscoip_interoperability_and_collaboration_system
ciscoip_interoperability_and_collaboration_system
ciscoip_interoperability_and_collaboration_system
ciscoip_interoperability_and_collaboration_system
ciscoip_interoperability_and_collaboration_system_universal_media_services_unauthoriz

Detection & IOCsextracted from sources · hover to see the quote

  • Detect unauthenticated access attempts to the Cisco IPICS UMS interdevice communications interface, which requires no credentials due to insufficient authentication controls.
  • ·Affected versions are Cisco IPICS releases 4.8(1) through 4.10(1); no workarounds exist — patching is the only remediation.
  • ·There are no workarounds available for this vulnerability; only vendor-supplied software updates address it.

CVSS provenance

nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_cisco10.0CRITICAL
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.