Test ID:	1.3.6.1.4.1.25623.1.0.806683
Category:	CISCO
Title:	Cisco Video Communications Server Information Disclosure Vulnerability (cisco-sa-20160208-vcs)
Summary:	Cisco Video Communications Server (VCS), when utilized as part; of a Jabber Guest deployment, contains an information disclosure vulnerability that could allow; and unauthenticated, remote attacker to gain access to potentially sensitive information.
Description:	Summary: Cisco Video Communications Server (VCS), when utilized as part of a Jabber Guest deployment, contains an information disclosure vulnerability that could allow and unauthenticated, remote attacker to gain access to potentially sensitive information. Vulnerability Insight: The vulnerability exists due to a failure to properly protect an informational URL that contains aggregated call statistics. An attacker that knows the URL could submit a request to retrieve the page containing the information. Affected Software/OS: Cisco TelePresence Video Communication Server (VCS) version X8.1 through X8.7 when used in conjunction with Jabber Guest. Solution: See the referenced vendor advisory for a solution. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-1316 Cisco Security Advisory: 20160208 Cisco Video Communications Server Information Disclosure Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160208-vcs http://www.securitytracker.com/id/1034956
Copyright	Copyright (C) 2016 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.