CVE-2016-1444: Input Validation
First published: Thu Jul 07 2016(Updated: )
The Mobile and Remote Access (MRA) component in Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7 and Expressway X8.1 through X8.6 mishandles certificates, which allows remote attackers to bypass authentication via an arbitrary trusted certificate, aka Bug ID CSCuz64601.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tandberg Video Communication Server | =x8.1 | |
| Tandberg Video Communication Server | =x8.1.1 | |
| Tandberg Video Communication Server | =x8.1.2 | |
| Tandberg Video Communication Server | =x8.2 | |
| Tandberg Video Communication Server | =x8.2.1 | |
| Tandberg Video Communication Server | =x8.2.2 | |
| Tandberg Video Communication Server | =x8.5-rc4 | |
| Tandberg Video Communication Server | =x8.5.0 | |
| Tandberg Video Communication Server | =x8.5.1 | |
| Tandberg Video Communication Server | =x8.5.2 | |
| Tandberg Video Communication Server | =x8.5.3 | |
| Tandberg Video Communication Server | =x8.6.0 | |
| Tandberg Video Communication Server | =x8.6.1 | |
| Tandberg Video Communication Server | =x8.7 | |
| Cisco TelePresence Video Communication Server | =x8.5.1 | |
| Cisco TelePresence Video Communication Server | =x8.5.2 | |
| Cisco TelePresence Video Communication Server | =x8.5.3 | |
| Cisco TelePresence Video Communication Server | =x8.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-1444?
CVE-2016-1444 has been assigned a high severity rating due to its potential to allow unauthorized access to the system.
How do I fix CVE-2016-1444?
To fix CVE-2016-1444, upgrade the affected Cisco TelePresence Video Communication Server or Expressway software to a version that resolves this vulnerability.
Which versions are affected by CVE-2016-1444?
CVE-2016-1444 affects Cisco TelePresence Video Communication Server versions X8.1 through X8.7 and Expressway versions X8.1 through X8.6.
What is the impact of exploiting CVE-2016-1444?
Exploiting CVE-2016-1444 allows remote attackers to bypass authentication using an arbitrary trusted certificate.
Are there any workarounds for CVE-2016-1444?
There are no recommended workarounds for CVE-2016-1444; the best course of action is to apply the appropriate software updates.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/references
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- vendor/cisco
- canonical/tandberg video communication server
- version/tandberg video communication server/x8.1
- version/tandberg video communication server/x8.1.1
- version/tandberg video communication server/x8.1.2
- version/tandberg video communication server/x8.2
- version/tandberg video communication server/x8.2.1
- version/tandberg video communication server/x8.2.2
- version/tandberg video communication server/x8.5-rc4
- version/tandberg video communication server/x8.5.0
- version/tandberg video communication server/x8.5.1
- version/tandberg video communication server/x8.5.2
- version/tandberg video communication server/x8.5.3
- version/tandberg video communication server/x8.6.0
- version/tandberg video communication server/x8.6.1
- version/tandberg video communication server/x8.7
- canonical/cisco telepresence video communication server
- version/cisco telepresence video communication server/x8.5.1
- version/cisco telepresence video communication server/x8.5.2
- version/cisco telepresence video communication server/x8.5.3
- version/cisco telepresence video communication server/x8.6