CVE-2016-1444

The Mobile and Remote Access (MRA) component in Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7 and Expressway X8.1 through X8.6 mishandles certificates, which allows remote attackers to bypass authentication via an arbitrary trusted certificate, aka Bug ID CSCuz64601.

Published: Jul 7, 2016
Updated: Apr 13, 2023
CVE: CVE-2016-1444
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CVSS v2:

Severity: Medium
Score: 5.8
AV:N/AC:M/Au:N/C:P/I:P/A:N

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
cisco / telepresence_video_communication_server_software	x8.5.3	x8.5.3.x
cisco / telepresence_video_communication_server	x8.1.1	x8.1.1.x
cisco / telepresence_video_communication_server_software	x8.5.2	x8.5.2.x
cisco / telepresence_video_communication_server_software	x8.6	x8.6.x
cisco / telepresence_video_communication_server	x8.7	x8.7.x
cisco / telepresence_video_communication_server	x8.5.2	x8.5.2.x
cisco / telepresence_video_communication_server_software	x8.5.1	x8.5.1.x
cisco / telepresence_video_communication_server	x8.2.1	x8.2.1.x
cisco / telepresence_video_communication_server	x8.2.2	x8.2.2.x
cisco / telepresence_video_communication_server	x8.1.2	x8.1.2.x
cisco / telepresence_video_communication_server	x8.5.1	x8.5.1.x
cisco / telepresence_video_communication_server	x8.6.0	x8.6.0.x
cisco / telepresence_video_communication_server	x8.5-rc4	x8.5-rc4.x
cisco / telepresence_video_communication_server	x8.6.1	x8.6.1.x
cisco / telepresence_video_communication_server	x8.5.3	x8.5.3.x
cisco / telepresence_video_communication_server	x8.5.0	x8.5.0.x
cisco / telepresence_video_communication_server	x8.1	x8.1.x
cisco / telepresence_video_communication_server	x8.2	x8.2.x

Vulnerability Database

289,599

CVE-2016-1444