| Vulnerability Name: | CVE-2016-6397 (CCN-118380) | ||||||||||||
| Assigned: | 2016-10-26 | ||||||||||||
| Published: | 2016-10-26 | ||||||||||||
| Updated: | 2016-11-28 | ||||||||||||
| Summary: | A vulnerability in the interdevice communications interface of the Cisco IP Interoperability and Collaboration System (IPICS) Universal Media Services (UMS) could allow an unauthenticated, remote attacker to modify configuration parameters of the UMS and cause the system to become unavailable. Affected Products: This vulnerability affects Cisco IPICS releases 4.8(1) to 4.10(1). More Information: CSCva46644. Known Affected Releases: 4.10(1) 4.8(1) 4.8(2) 4.9(1) 4.9(2). | ||||||||||||
| CVSS v3 Severity: | 9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) 8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
8.5 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||||||
| Vulnerability Type: | CWE-287 | ||||||||||||
| Vulnerability Consequences: | Bypass Security | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2016-6397 Source: BID Type: UNKNOWN 93913 Source: CCN Type: BID-93913 Cisco IP Interoperability and Collaboration System CVE-2016-6397 Authentication Bypass Vulnerability Source: XF Type: UNKNOWN cisco-cve20166397-sec-bypass(118380) Source: CCN Type: Cisco Security Advisory cisco-sa-20161026-ipics Cisco IP Interoperability and Collaboration System Universal Media Services Unauthorized Access Vulnerability Source: CONFIRM Type: Vendor Advisory https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ipics | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||