Remote code execution in Cisco Meeting Server and Cisco Meeting App - CVE-2016-6447
Published: November 2, 2016 / Updated: April 5, 2018
Vulnerability identifier: #VU1138
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2016-6447
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco Meeting Server
Cisco Meeting App
Cisco Meeting Server
Cisco Meeting App
Detailed vulnerability description
The vulnerability allows a remote unauthenticated user to execute arbitrary code on the target system.
The weakness is due to insufficient input validation. By sending a specially crafted IPv6 data, a remote attacker can trigger a buffer underflow or memory allocation error that allows him to execute arbitrary code or reload the affected device.
Successful exploitation of the vulnerability may result in arbitrary code execution.
The weakness is due to insufficient input validation. By sending a specially crafted IPv6 data, a remote attacker can trigger a buffer underflow or memory allocation error that allows him to execute arbitrary code or reload the affected device.
Successful exploitation of the vulnerability may result in arbitrary code execution.
How to mitigate CVE-2016-6447
Update to version 2.0.1.