Test ID:	1.3.6.1.4.1.25623.1.0.140044
Category:	CISCO
Title:	Cisco Meeting Server Client Authentication Bypass Vulnerability
Summary:	A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of the Cisco;Meeting Server (CMS) could allow an unauthenticated, remote attacker to masquerade as a legitimate;user. This vulnerability is due to the XMPP service incorrectly processing a deprecated;authentication scheme. A successful exploit could allow an attacker to access the system as;another user.;;Cisco has released software updates that address this vulnerability. Workarounds that address this;vulnerability in some environments are available. This advisory is available at the referenced link.
Description:	Summary: A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of the Cisco Meeting Server (CMS) could allow an unauthenticated, remote attacker to masquerade as a legitimate user. This vulnerability is due to the XMPP service incorrectly processing a deprecated authentication scheme. A successful exploit could allow an attacker to access the system as another user. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability in some environments are available. This advisory is available at the referenced link. Solution: Update to 2.0.6 or newer. CVSS Score: 6.4 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-6445 BugTraq ID: 93517 http://www.securityfocus.com/bid/93517 http://www.securitytracker.com/id/1037000
Copyright	Copyright (C) 2016 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.