Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-1444

The Mobile and Remote Access (MRA) component in Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7 and Expressway X8.1 through X8.6 mishandles certificates, which allows remote attackers to bypass authentication via an arbitrary trusted certificate, aka Bug ID CSCuz64601.

Published

2016-07-07T14:59:05.970

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:N

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE
Exploitability Score

8.6

Impact Score

4.9

Weaknesses
  • Type: Primary
    CWE-20
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application cisco telepresence_video_communication_server x8.1 Yes
Application cisco telepresence_video_communication_server x8.1.1 Yes
Application cisco telepresence_video_communication_server x8.1.2 Yes
Application cisco telepresence_video_communication_server x8.2 Yes
Application cisco telepresence_video_communication_server x8.2.1 Yes
Application cisco telepresence_video_communication_server x8.2.2 Yes
Application cisco telepresence_video_communication_server x8.5 Yes
Application cisco telepresence_video_communication_server x8.5.0 Yes
Application cisco telepresence_video_communication_server x8.5.1 Yes
Application cisco telepresence_video_communication_server x8.5.2 Yes
Application cisco telepresence_video_communication_server x8.5.3 Yes
Application cisco telepresence_video_communication_server x8.6.0 Yes
Application cisco telepresence_video_communication_server x8.6.1 Yes
Application cisco telepresence_video_communication_server x8.7 Yes
Application cisco telepresence_video_communication_server_software x8.5.1 Yes
Application cisco telepresence_video_communication_server_software x8.5.2 Yes
Application cisco telepresence_video_communication_server_software x8.5.3 Yes
Application cisco telepresence_video_communication_server_software x8.6 Yes
References