Test ID:	1.3.6.1.4.1.25623.1.0.809771
Category:	CISCO
Title:	Cisco Video Communications Server Security Bypass Vulnerability (cisco-sa-20161207-expressway)
Summary:	A vulnerability in the HTTP traffic server component of Cisco; Expressway could allow an unauthenticated, remote attacker to initiate TCP connections to; arbitrary hosts. This does not allow for full traffic proxy through the Expressway.
Description:	Summary: A vulnerability in the HTTP traffic server component of Cisco Expressway could allow an unauthenticated, remote attacker to initiate TCP connections to arbitrary hosts. This does not allow for full traffic proxy through the Expressway. Vulnerability Insight: The vulnerability is due to insufficient access control for TCP traffic passed through the Cisco Expressway. An attacker could exploit this vulnerability by sending a crafted URL through the Cisco Expressway. Vulnerability Impact: An exploit could allow the attacker to enumerate hosts and services of arbitrary hosts, as well as degrade performance through the Cisco Expressway. Affected Software/OS: Cisco TelePresence Video Communication Server (VCS) version X8.7.2 and X8.8.3. Solution: Upgrade to version X8.9 or later. CVSS Score: 6.4 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-9207 BugTraq ID: 94797 http://www.securityfocus.com/bid/94797 http://www.securitytracker.com/id/1037422
Copyright	Copyright (C) 2016 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.