CVE-2016-6377

Published: Sep 3, 2016Modified: May 6, 2026

8.1

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.2 / Impact: 5.9

Source: NVD

Description

Media Origination System Suite Software 2.6 and earlier in Cisco Virtual Media Packager (VMP) allows remote attackers to bypass authentication and make arbitrary Platform and Applications Manager (PAM) API calls via unspecified vectors, aka Bug ID CSCuz52110.

Affected (12)

Products: Cisco: Media Origination System Suite

Cisco

1 product

Media Origination System Suite

Configuration A

12 vulnerable

Vulnerable Software	Affected Versions
Cisco Media Origination System Suite	Version 2.3(1)
Cisco Media Origination System Suite	Version 2.3(2)
Cisco Media Origination System Suite	Version 2.3(6)
Cisco Media Origination System Suite	Version 2.3(7)
Cisco Media Origination System Suite	Version 2.3(8)
Cisco Media Origination System Suite	Version 2.3_base
Cisco Media Origination System Suite	Version 2.4(1)
Cisco Media Origination System Suite	Version 2.4_base
Cisco Media Origination System Suite	Version 2.5(0)
Cisco Media Origination System Suite	Version 2.5(1)
Cisco Media Origination System Suite	Version 2.5_base
Cisco Media Origination System Suite	Version 2.6_base

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (4)

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-vmp

Source: psirt@cisco.com

Vendor Advisory

http://www.securityfocus.com/bid/92715

Source: psirt@cisco.com

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-vmp

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/92715

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.