#VU1138 Remote code execution in Cisco Meeting Server and Cisco Meeting App - CVE-2016-6447
Published: November 2, 2016 / Updated: April 5, 2018
Vulnerability identifier: #VU1138
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2016-6447
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Cisco Meeting Server
Cisco Meeting App
Cisco Meeting Server
Cisco Meeting App
Software vendor:
Cisco Systems, Inc
Cisco Systems, Inc
Description
The vulnerability allows a remote unauthenticated user to execute arbitrary code on the target system.
The weakness is due to insufficient input validation. By sending a specially crafted IPv6 data, a remote attacker can trigger a buffer underflow or memory allocation error that allows him to execute arbitrary code or reload the affected device.
Successful exploitation of the vulnerability may result in arbitrary code execution.
The weakness is due to insufficient input validation. By sending a specially crafted IPv6 data, a remote attacker can trigger a buffer underflow or memory allocation error that allows him to execute arbitrary code or reload the affected device.
Successful exploitation of the vulnerability may result in arbitrary code execution.
Remediation
Update to version 2.0.1.