CVE-2016-6448

{"id": "CVE-2016-6448", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2016-11-03T21:59:05.527", "references": [{"url": "http://www.securityfocus.com/bid/94076", "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1037181", "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cms1", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Session Description Protocol (SDP) parser of Cisco Meeting Server could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. This vulnerability affects the following products: Cisco Meeting Server releases prior to Release 2.0.3, Acano Server releases 1.9.x prior to Release 1.9.5, Acano Server releases 1.8.x prior to Release 1.8.17. More Information: CSCva76004. Known Affected Releases: 1.8.x 1.92.0."}, {"lang": "es", "value": "Una vulnerabilidad en el analizador de Session Description Protocol (SDP) de Cisco Meeting Server podr\u00eda permitir a un atacante remoto no autenticado ejecutar c\u00f3digo arbitrario en un sistema afectado. Esta vulnerabilidad afecta a los siguientes productos: lanzamientos Cisco Meeting Server anteriores a Release 2.0.3, lanzamientos Acano Server 1.9.x anteriores a Release 1.9.5, lanzamientos Acano Server 1.8.x anteriores a Release 1.8.17. M\u00e1s informaci\u00f3n: CSCva76004. Lanzamientos conocidos afectados: 1.8.x 1.92.0."}], "lastModified": "2017-07-29T01:34:18.443", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:meeting_server:1.8.15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8E4843E-E44A-42E8-B83D-AEFC7A8BCE13"}, {"criteria": "cpe:2.3:a:cisco:meeting_server:1.8_base:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0CD09398-8DBF-4467-9BE3-A9297AE247AB"}, {"criteria": "cpe:2.3:a:cisco:meeting_server:1.9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1691992B-DD39-43CA-BD51-800EEE19F224"}, {"criteria": "cpe:2.3:a:cisco:meeting_server:1.9.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53619071-8A6A-4230-BDEF-B0E1461217C0"}, {"criteria": "cpe:2.3:a:cisco:meeting_server:2.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C48DC084-1DD2-4878-B1DB-1035CAE3B918"}, {"criteria": "cpe:2.3:a:cisco:meeting_server:2.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1CA9A904-9AB5-4757-ABD1-0F6F933799BE"}, {"criteria": "cpe:2.3:a:cisco:meeting_server:2.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8FA8A21E-97BA-4326-9F7B-FCBD480134EF"}, {"criteria": "cpe:2.3:a:cisco:meeting_server:2.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E6FA3F5-752D-45AB-A8CB-6488F409D933"}, {"criteria": "cpe:2.3:a:cisco:meeting_server:2.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B80C9BA-07EC-4183-9AAD-3229913C9FD7"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}