Cisco Meeting Server Client Authentication Bypass Vulnerability (CVE-2016-6445)

A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of the Cisco Meeting Server (CMS) could allow an unauthenticated, remote attacker to masquerade as a legitimate user. This vulnerability is due to the XMPP service incorrectly processing a deprecated authentication scheme. A successful exploit could allow an attacker to access the system as another user. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability in some environments are available. This advisory is available at the referenced link.

Cisco Meeting Server (CMS) 中可扩展消息和存在协议 (XMPP) 服务存在的一个漏洞可能使未经身份验证的远程攻击者伪装成合法用户。该漏洞源于 XMPP 服务错误地处理了一个已弃用的认证方案。成功利用此漏洞可能使攻击者以其他用户的身份访问系统。Cisco 已发布软件更新以解决此漏洞。某些环境中可用的缓解措施能够解决此漏洞。有关此安全公告的详细信息，请参阅所提供的链接。