{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-07-06T00:00:00", "descriptions": [{"lang": "en", "value": "The Mobile and Remote Access (MRA) component in Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7 and Expressway X8.1 through X8.6 mishandles certificates, which allows remote attackers to bypass authentication via an arbitrary trusted certificate, aka Bug ID CSCuz64601."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-31T09:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20160706 Cisco Video Communication Server and Expressway Trusted Certificate Authentication Bypass Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160706-vcs"}, {"name": "91669", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/91669"}, {"name": "1036237", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1036237"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2016-1444", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Mobile and Remote Access (MRA) component in Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7 and Expressway X8.1 through X8.6 mishandles certificates, which allows remote attackers to bypass authentication via an arbitrary trusted certificate, aka Bug ID CSCuz64601."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20160706 Cisco Video Communication Server and Expressway Trusted Certificate Authentication Bypass Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160706-vcs"}, {"name": "91669", "refsource": "BID", "url": "http://www.securityfocus.com/bid/91669"}, {"name": "1036237", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036237"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T22:55:14.589Z"}, "title": "CVE Program Container", "references": [{"name": "20160706 Cisco Video Communication Server and Expressway Trusted Certificate Authentication Bypass Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160706-vcs"}, {"name": "91669", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/91669"}, {"name": "1036237", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1036237"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2016-1444", "datePublished": "2016-07-07T14:00:00", "dateReserved": "2016-01-04T00:00:00", "dateUpdated": "2024-08-05T22:55:14.589Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.1:*:*:*:*:*:*:*", "matchCriteriaId": "935A6CEE-3860-4D6F-A09F-3852ACE2A6C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "4D72830A-472E-4634-BDE8-B0210DFA88B5", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "920FE47B-5E1C-4EC3-92C1-D173468CB6C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2:*:*:*:*:*:*:*", "matchCriteriaId": "AE36B64A-8826-4B79-ABC3-867325CEDC57", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "8FB9EE33-F267-4CC2-8FDA-724235EE5077", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "68882242-65D5-452C-B84C-666C13627A4B", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5:rc4:*:*:*:*:*:*", "matchCriteriaId": "BD2525F4-19BE-4865-949D-467022385A39", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "F2340556-9735-40A8-B57D-C27A16F3B45A", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "FABB3CEE-81DB-49FB-8C00-913AFAF9B617", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "9B49F452-C359-41B2-8A7F-79FE034015FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "074E887D-3234-415A-A339-D74BDE003F83", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "B99CF9AE-32DE-483A-B0E3-437384E64427", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "8C16F599-AB82-4609-AADD-BE8D40984DB8", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7:*:*:*:*:*:*:*", "matchCriteriaId": "BD644623-840C-424C-82EE-20FC01A9E56E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.5.1:*:*:*:expressway:*:*:*", "matchCriteriaId": "E66073CB-E4BF-458F-B645-5EFA5FB3067D", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.5.2:*:*:*:expressway:*:*:*", "matchCriteriaId": "E549E37F-3D1A-490B-8BEE-482D082486EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.5.3:*:*:*:expressway:*:*:*", "matchCriteriaId": "1BB58937-A990-48B1-89E4-6C0EDADC84E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.6:*:*:*:expressway:*:*:*", "matchCriteriaId": "D44B9E1D-623E-4C76-B4DD-5BEACEFF9154", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Mobile and Remote Access (MRA) component in Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7 and Expressway X8.1 through X8.6 mishandles certificates, which allows remote attackers to bypass authentication via an arbitrary trusted certificate, aka Bug ID CSCuz64601."}, {"lang": "es", "value": "El componente Mobile and Remote Access (MRA) en Cisco TelePresence Video Communication Server (VCS) X8.1 hasta la versi\u00f3n X8.7 y Expressway X8.1 hasta la versi\u00f3n X8.6 no maneja correctamente los certificados, lo que permite a atacantes remotos eludir la autenticaci\u00f3n a trav\u00e9s de un certificado confiable manipulado, tambi\u00e9n conocido como Bug ID CSCuz64601."}], "id": "CVE-2016-1444", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-07-07T14:59:05.970", "references": [{"source": "psirt@cisco.com", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160706-vcs"}, {"source": "psirt@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/91669"}, {"source": "psirt@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1036237"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160706-vcs"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/91669"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1036237"}], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}