CVE-2016-9207

CWE-20Improper Input ValidationCWE-2544 documents4 sources
Severity
6.5MEDIUM
EPSS
0.8%
top 25.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Expressway
Timeline
PublishedDec 14
Latest updateMay 17

Description

A vulnerability in the HTTP traffic server component of Cisco Expressway could allow an unauthenticated, remote attacker to initiate TCP connections to arbitrary hosts. This does not allow for full traffic proxy through the Expressway. Affected Products: This vulnerability affects Cisco Expressway Series Software and Cisco TelePresence Video Communication Server (VCS). More Information: CSCvc10834. Known Affected Releases: X8.7.2 X8.8.3. Known Fixed Releases: X8.9.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:LExploitability: 3.9 | Impact: 2.5

Affected Packages2 packages

CVEListV5cisco_expresswayCisco Expressway
NVDcisco/expresswayx8.7.2, x8.8.3+1

🔴Vulnerability Details

2
GHSA
GHSA-gm92-2372-834c: A vulnerability in the HTTP traffic server component of Cisco Expressway could allow an unauthenticated, remote attacker to initiate TCP connections t2022-05-17
CVEList
CVE-2016-9207: A vulnerability in the HTTP traffic server component of Cisco Expressway could allow an unauthenticated, remote attacker to initiate TCP connections t2016-12-14

📋Vendor Advisories

1
Cisco
Cisco Expressway Series Software Security Bypass Vulnerability2016-12-07
CVE-2016-9207 (MEDIUM CVSS 6.5) | A vulnerability in the HTTP traffic | cvebase.io