CVE-2016-6448
Severity
9.8CRITICAL
EPSS
7.6%
top 8.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedNov 3
Latest updateMay 17
Description
A vulnerability in the Session Description Protocol (SDP) parser of Cisco Meeting Server could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. This vulnerability affects the following products: Cisco Meeting Server releases prior to Release 2.0.3, Acano Server releases 1.9.x prior to Release 1.9.5, Acano Server releases 1.8.x prior to Release 1.8.17. More Information: CSCva76004. Known Affected Releases: 1.8.x 1.92.0.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9
Affected Packages2 packages
▶CVEListV5cisco_meeting_server_before_2.0.3_and_acano_server_before_1.9.5Cisco Meeting Server before 2.0.3 and Acano Server before 1.9.5
🔴Vulnerability Details
2GHSA▶
GHSA-rp77-2mhc-jvcr: A vulnerability in the Session Description Protocol (SDP) parser of Cisco Meeting Server could allow an unauthenticated, remote attacker to execute ar↗2022-05-17
CVEList▶
CVE-2016-6448: A vulnerability in the Session Description Protocol (SDP) parser of Cisco Meeting Server could allow an unauthenticated, remote attacker to execute ar↗2016-11-03
📋Vendor Advisories
1Cisco▶
Cisco Meeting Server Session Description Protocol Media Lines Buffer Overflow Vulnerability↗2016-11-02