What is CVE-2016-1307?

CVE-2016-1307 is a medium-severity vulnerability in Zyxel Gs1900-10hp_firmware, classified under CWE-255. CVSS score: 5.4/10. Published 2016-02-07.

How severe is CVE-2016-1307?

Medium severity. CVSS v3 base score is 5.4 out of 10.

Auth bypass in Zyxel Gs1900-10hp_firmware

CVE-2016-1307

The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express 10.6(1) has a hardcoded account, which makes it easier for remote attackers to obtain access via an XMPP session, aka Bug ID CSCuw79085.

EPSS: 0.002 (36.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.4 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N.

Affected products

Zyxel Gs1900-10hp_firmware
Zzinc Keymouse_firmware — versions 3.08
N/a — versions n/a

Weakness classification (CWE)

References

20160202 Cisco Finesse Desktop and Cisco Unified Contact Center Express Applications XMPP Unauthorized Access Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
1034921 (vdb-entry, x_refsource_SECTRACK)
1034920 (vdb-entry, x_refsource_SECTRACK)

Frequently asked questions

What is CVE-2016-1307?: CVE-2016-1307 is a medium-severity vulnerability in Zyxel Gs1900-10hp_firmware, classified under CWE-255. CVSS score: 5.4/10. Published 2016-02-07.
How severe is CVE-2016-1307?: Medium severity. CVSS v3 base score is 5.4 out of 10.