Executive Summary
Summary | |
---|---|
Title | Cisco Meeting Server and Meeting App Buffer Underflow Vulnerability |
Informations | |||
---|---|---|---|
Name | cisco-sa-20161102-cms | First vendor Publication | 2016-11-02 |
Vendor | Cisco | Last vendor Modification | 2016-11-02 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A vulnerability in Cisco Meeting Server and Meeting App could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability exists because the software does not perform sufficient boundary checks on user-supplied data. An unauthenticated, remote attacker could exploit this vulnerability by sending crafted IPv6 input to the vulnerable function. A successful exploit could result in an exploitable buffer underflow condition. An attacker could leverage this buffer underflow condition to incorrectly allocate memory and cause a reload of the device or execute arbitrary code with the privileges of the affected application. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cms BEGIN PGP SIGNATURE Comment: GPGTools - http://gpgtools.org iQIcBAEBCgAGBQJYGeeYAAoJEK89gD3EAJB5YUIP/19rgJYyhtMGclvuJki2GnmF 9Wr6KsfgTHZI2uxWOrd2GL8kLt3a8roEeLxY6T7d3aL4J3e5oKTf/eAETuaHsXnA NG1RknOcOn9P0iAY8Hr5UjMfZcIU27EfnnACqclecXbNiH1NWD6WPH6r058041Ib OXW0uTsBWNnhgFTDPuks6rCKBibbKiBYJWi6hFqqhfl7dabh7e4sqIZrR1PYZ1Jb RjfPd5NhD2ksUAeRxuwHD4hGRLQZS5Il+DdpbJ2N7JzhpaMMv6EfevqhImPCe1FM 4C/sjBNbBSYlzwdoVSDwoPLTOS8NJWPK39WC7JB9Jv5JetnV40t0gCvy1AYnVedF AoKnnkaDlsCN/lzW+js5YuKvOV1hRe+r/631TV3VWuC7SHDJCoF4tD8s/ZBugE6k 8xkN23AlsCtgP/5GNUSH4wBOXaidRTPKK5YjT0hsIqV29TYjx5Sn3BKsjIrVqB6O sJDPcxe1p/IbNL0ZRiTnsiPcrZM5uvFigyzSWixT87rfFQV4cawN6VRmjZNxZgCA NEsqCJbXRANreYD840FWleLaw8VCChU2qms3lz4k8GrLuBzZg1o+2IXd923YtCOZ qKp5szHDoPhrxLMZRL7aC9rajPv7uqQQrNOO1FMC8RRu13uriQl2oOzx7WkhZTnG 16o5lSdBYGKg9HouNE3i =m8l2 END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 2 | |
Application | 3 |
Alert History
Date | Informations |
---|---|
2016-11-04 21:25:00 |
|
2016-11-02 21:24:53 |
|