CVE-2016-6397
published 2016-10-28CVE-2016-6397: A vulnerability in the interdevice communications interface of the Cisco IP Interoperability and Collaboration System (IPICS) Universal Media Services (UMS)…
PriorityP262critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
2.17%
80.0th percentile
A vulnerability in the interdevice communications interface of the Cisco IP Interoperability and Collaboration System (IPICS) Universal Media Services (UMS) could allow an unauthenticated, remote attacker to modify configuration parameters of the UMS and cause the system to become unavailable. Affected Products: This vulnerability affects Cisco IPICS releases 4.8(1) to 4.10(1). More Information: CSCva46644. Known Affected Releases: 4.10(1) 4.8(1) 4.8(2) 4.9(1) 4.9(2).
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | ip_interoperability_and_collaboration_system | — | — |
| cisco | ip_interoperability_and_collaboration_system | — | — |
| cisco | ip_interoperability_and_collaboration_system | — | — |
| cisco | ip_interoperability_and_collaboration_system | — | — |
| cisco | ip_interoperability_and_collaboration_system | — | — |
| cisco | ip_interoperability_and_collaboration_system_universal_media_services_unauthoriz | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect unauthenticated access attempts to the Cisco IPICS UMS interdevice communications interface, which requires no credentials due to insufficient authentication controls. ↗
- ·Affected versions are Cisco IPICS releases 4.8(1) through 4.10(1); no workarounds exist — patching is the only remediation. ↗
- ·There are no workarounds available for this vulnerability; only vendor-supplied software updates address it. ↗
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_cisco10.0CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Cisco
Cisco IP Interoperability and Collaboration System Universal Media Services Unauthorized Access Vulnerability
vendor_cisco·2016-10-26·CVSS 10.0
CVE-2016-6397 [CRITICAL] CWE-287 Cisco IP Interoperability and Collaboration System Universal Media Services Unauthorized Access Vulnerability
Cisco IP Interoperability and Collaboration System Universal Media Services Unauthorized Access Vulnerability
A vulnerability in the interdevice communications interface of the Cisco IP Interoperability and Collaboration System (IPICS) Universal Media Services (UMS) could allow an unauthenticated, remote attacker to modify configuration parameters of the UMS and cause the system to become unavailable.
The vulnerability is due to insufficient authentication for the interdevice communications interface access. An attacker could exploit this issue by accessing the interdevice communications interface and making changes to the UMS configuration, causing the system to become unavailable.
Cisco has released software updates that address this vulnerability. There are no workarounds that addres
Cisco
Cisco IP Interoperability and Collaboration System Universal Media Services Unauthorized Access Vulnerability
vendor_cisco
CVE-2016-6397 Cisco IP Interoperability and Collaboration System Universal Media Services Unauthorized Access Vulnerability
CVE-2016-6397: Cisco IP Interoperability and Collaboration System Universal Media Services Unauthorized Access Vulnerability
A vulnerability in the interdevice communications interface of the Cisco IP Interoperability and Collaboration System (IPICS) Universal Media Services (UMS) could allow an unauthenticated, remote attacker to modify configuration parameters of the UMS and cause the system to become unavailable. The vulnerability is due to insufficient authentication for the interdevice communications interface access. An attacker could exploit this issue by accessing the interdevice communications interface and making changes to the UMS configuration, causing the system to become unavailable. Cisco has released software updates that address this vulnerability. There are no
CWE: CWE-28
GHSA
GHSA-9fq7-3gmm-wjpp: A vulnerability in the interdevice communications interface of the Cisco IP Interoperability and Collaboration System (IPICS) Universal Media Services
ghsa_unreviewed·2022-05-17
CVE-2016-6397 [CRITICAL] CWE-287 GHSA-9fq7-3gmm-wjpp: A vulnerability in the interdevice communications interface of the Cisco IP Interoperability and Collaboration System (IPICS) Universal Media Services
A vulnerability in the interdevice communications interface of the Cisco IP Interoperability and Collaboration System (IPICS) Universal Media Services (UMS) could allow an unauthenticated, remote attacker to modify configuration parameters of the UMS and cause the system to become unavailable. Affected Products: This vulnerability affects Cisco IPICS releases 4.8(1) to 4.10(1). More Information: CSCva46644. Known Affected Releases: 4.10(1) 4.8(1) 4.8(2) 4.9(1) 4.9(2).
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2016-10-28
Published