CVE-2016-6377 : Media Origination System Suite Software 2.6 and earlier in Cisco Virtual Media P

Media Origination System Suite Software 2.6 and earlier in Cisco Virtual Media Packager (VMP) allows remote attackers to bypass authentication and make arbitrary Platform and Applications Manager (PAM) API calls via unspecified vectors, aka Bug ID CSCuz52110.

Published 2016-09-03 20:59:08

Updated 2025-04-12 10:46:41

Source Cisco Systems, Inc.

View at NVD, CVE.org

Products affected by CVE-2016-6377

Cisco » Media Origination System Suite » Version: 2.3 Base
cpe:2.3:a:cisco:media_origination_system_suite:2.3_base:*:*:*:*:*:*:*
Matching versions
Cisco » Media Origination System Suite » Version: 2.3(7)
cpe:2.3:a:cisco:media_origination_system_suite:2.3\(7\):*:*:*:*:*:*:*
Matching versions
Cisco » Media Origination System Suite » Version: 2.3(8)
cpe:2.3:a:cisco:media_origination_system_suite:2.3\(8\):*:*:*:*:*:*:*
Matching versions
Cisco » Media Origination System Suite » Version: 2.4(1)
cpe:2.3:a:cisco:media_origination_system_suite:2.4\(1\):*:*:*:*:*:*:*
Matching versions
Cisco » Media Origination System Suite » Version: 2.3(2)
cpe:2.3:a:cisco:media_origination_system_suite:2.3\(2\):*:*:*:*:*:*:*
Matching versions
Cisco » Media Origination System Suite » Version: 2.3(6)
cpe:2.3:a:cisco:media_origination_system_suite:2.3\(6\):*:*:*:*:*:*:*
Matching versions
Cisco » Media Origination System Suite » Version: 2.6 Base
cpe:2.3:a:cisco:media_origination_system_suite:2.6_base:*:*:*:*:*:*:*
Matching versions
Cisco » Media Origination System Suite » Version: 2.3(1)
cpe:2.3:a:cisco:media_origination_system_suite:2.3\(1\):*:*:*:*:*:*:*
Matching versions
Cisco » Media Origination System Suite » Version: 2.4 Base
cpe:2.3:a:cisco:media_origination_system_suite:2.4_base:*:*:*:*:*:*:*
Matching versions
Cisco » Media Origination System Suite » Version: 2.5 Base
cpe:2.3:a:cisco:media_origination_system_suite:2.5_base:*:*:*:*:*:*:*
Matching versions
Cisco » Media Origination System Suite » Version: 2.5(0)
cpe:2.3:a:cisco:media_origination_system_suite:2.5\(0\):*:*:*:*:*:*:*
Matching versions
Cisco » Media Origination System Suite » Version: 2.5(1)
cpe:2.3:a:cisco:media_origination_system_suite:2.5\(1\):*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2016-6377

EPSS FAQ

0.34%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 53 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2016-6377

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
8.1	HIGH	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H	2.2	5.9	NIST
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2016-6377

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2016-6377

http://www.securityfocus.com/bid/92715

Cisco Virtual Media Packager CVE-2016-6377 Unauthorized Access Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-vmp

Cisco Virtual Media Packager PAM API Unauthorized Access Vulnerability
Vendor Advisory

Jump to

Vulnerability Details : CVE-2016-6377

Products affected by CVE-2016-6377

Exploit prediction scoring system (EPSS) score for CVE-2016-6377

CVSS scores for CVE-2016-6377

CWE ids for CVE-2016-6377

References for CVE-2016-6377