Improper input validation in Cisco Expressway
CVE-2016-9207
A vulnerability in the HTTP traffic server component of Cisco Expressway could allow an unauthenticated, remote attacker to initiate TCP connections to arbitrary hosts. This does not allow for full traffic proxy through the Expressway. Aff…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.008 (74.7th percentile).
CVSS v3 metric
CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L.
Affected products
- Cisco Expressway — versions x8.7.2, x8.8.3
Weakness classification (CWE)
References
- BID 94797 (Third Party Advisory, VDB Entry)
- SECTRACK 1037422 (Third Party Advisory, VDB Entry)
- psirt@cisco.com (Vendor Advisory)
Frequently asked questions
- What is CVE-2016-9207?
- CVE-2016-9207 is a medium-severity vulnerability in Cisco Expressway, classified under Improper Input Validation. CVSS score: 6.5/10. Published 2016-12-14.
- How severe is CVE-2016-9207?
- Medium severity. CVSS v3 base score is 6.5 out of 10.