Medium severity6.5NVD Advisory· Published Dec 14, 2016· Updated May 6, 2026

CVE-2016-9207

Description

A vulnerability in the HTTP traffic server component of Cisco Expressway could allow an unauthenticated, remote attacker to initiate TCP connections to arbitrary hosts. This does not allow for full traffic proxy through the Expressway. Affected Products: This vulnerability affects Cisco Expressway Series Software and Cisco TelePresence Video Communication Server (VCS). More Information: CSCvc10834. Known Affected Releases: X8.7.2 X8.8.3. Known Fixed Releases: X8.9.

Affected products

Cisco Systems, Inc./Expressway2 versions
cpe:2.3:a:cisco:expressway:x8.7.2:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:cisco:expressway:x8.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:expressway:x8.8.3:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/94797nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1037422nvdThird Party AdvisoryVDB Entry
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-expresswaynvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.423
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000