Critical severity9.1NVD Advisory· Published Oct 27, 2016· Updated May 6, 2026

CVE-2016-6445

Description

A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of the Cisco Meeting Server (CMS) before 2.0.6 and Acano Server before 1.8.18 and 1.9.x before 1.9.6 could allow an unauthenticated, remote attacker to masquerade as a legitimate user. This vulnerability is due to the XMPP service incorrectly processing a deprecated authentication scheme. A successful exploit could allow an attacker to access the system as another user.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-mscnvdMitigationVendor Advisory
www.securityfocus.com/bid/93517nvd
www.securitytracker.com/id/1037000nvd

News mentions

No linked articles in our index yet.

cvss	0.591
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000