Published: 14/12/2016 Updated: 22/12/2016

CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10

CVSS v3 Base Score: 6.5 | Impact Score: 2.5 | Exploitability Score: 3.9

VMScore: 570

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

A vulnerability in the HTTP traffic server component of Cisco Expressway could allow an unauthenticated, remote malicious user to initiate TCP connections to arbitrary hosts. This does not allow for full traffic proxy through the Expressway. Affected Products: This vulnerability affects Cisco Expressway Series Software and Cisco TelePresence Video Communication Server (VCS). More Information: CSCvc10834. Known Affected Releases: X8.7.2 X8.8.3. Known Fixed Releases: X8.9.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cisco expressway x8.8.3
cisco expressway x8.7.2

Cisco Expressway version 881 suffers from an access control bypass that allows an attacker to leverage the application for internal port scanning ...

CWE-20 CWE-254 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-expressway http://www.securityfocus.com/bid/94797 http://www.securitytracker.com/id/1037422 https://nvd.nist.gov https://packetstormsecurity.com/files/140197/Cisco-Expressway-8.8.1-Internal-Scanning.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2016-9207

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect