CVE-2016-6445

CVE Database · CVE-2016-6445

CVE-2016-6445

· N/AModified

CVSS v3.1

N/A

EPSS

2.51%

Published

Oct 27, 2016

Modified

May 6, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of the Cisco Meeting Server (CMS) before 2.0.6 and Acano Server before 1.8.18 and 1.9.x before 1.9.6 could allow an unauthenticated, remote attacker to masquerade as a legitimate user. This vulnerability is due to the XMPP service incorrectly processing a deprecated authentication scheme. A successful exploit could allow an attacker to access the system as another user.

Weaknesses (CWE)

CWE-20

Affected Products (9)

cisco · meeting_servervulnerable

References (6)

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-msc

MitigationVendor Advisory

http://www.securityfocus.com/bid/93517

http://www.securitytracker.com/id/1037000

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-msc

MitigationVendor Advisory

http://www.securityfocus.com/bid/93517

http://www.securitytracker.com/id/1037000

KEV Catalog EPSS Scores Vendors All CVEs