Information Disclosure Vulnerability in Cisco TelePresence Video Communication Server
CVE-2016-1316

5.3MEDIUM

Key Information:

Vendor: Cisco
Status: Telepresence Video Communication Server Software
Vendor: CVE Published:; 9 February 2016

What is CVE-2016-1316?

The Cisco TelePresence Video Communication Server (VCS) versions X8.1 through X8.7, utilized with Jabber Guest, contains a security flaw that permits remote attackers to access sensitive call statistics information by making direct requests to an unspecified URL. This vulnerability can potentially expose critical operational data, necessitating prompt attention and remediation.

References

http://www.securitytracker.com/id/1034956

vdb-entryx_refsource_SECTRACK

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 9, 2016
Vulnerability Reserved
Jan 4, 2016