Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Telepresence_video_communication_server
(Cisco)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 39 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-06-05 | CVE-2019-1845 | A vulnerability in the authentication service of the Cisco Unified Communications Manager IM and Presence (Unified CM IM&P) Service, Cisco TelePresence Video Communication Server (VCS), and Cisco Expressway Series could allow an unauthenticated, remote attacker to cause a service outage for users attempting to authenticate, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient controls for specific memory operations. An attacker could exploit this... | Telepresence_video_communication_server, Unified_communications_manager_im_and_presence_service | 8.6 | ||
| 2019-05-03 | CVE-2019-1854 | A vulnerability in the management web interface of Cisco Expressway Series could allow an authenticated, remote attacker to perform a directory traversal attack against an affected device. The vulnerability is due to insufficient input validation on the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface. A successful exploit could allow the attacker to bypass security restrictions and access the web interface of a Cisco Unified... | Telepresence_video_communication_server | 4.3 | ||
| 2016-08-07 | CVE-2016-1468 | The administrative web interface in Cisco TelePresence Video Communication Server Expressway X8.5.2 allows remote authenticated users to execute arbitrary commands via crafted fields, aka Bug ID CSCuv12531. | Telepresence_video_communication_server | 8.8 | ||
| 2016-05-24 | CVE-2016-1400 | Cisco TelePresence Video Communications Server (VCS) X8.x before X8.7.2 allows remote attackers to cause a denial of service (service disruption) via a crafted URI in a SIP header, aka Bug ID CSCuy43258. | Telepresence_video_communication_server | 7.5 | ||
| 2015-05-29 | CVE-2015-0752 | Cross-site scripting (XSS) vulnerability in Cisco TelePresence Video Communication Server (VCS) X8.5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCut27635. | Telepresence_video_communication_server | N/A | ||
| 2015-01-14 | CVE-2015-0579 | Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway allow remote attackers to cause a denial of service (memory and CPU consumption, and partial outage) via crafted SIP packets, aka Bug ID CSCur12473. | Telepresence_video_communication_server | N/A | ||
| 2014-01-23 | CVE-2014-0675 | The Expressway component in Cisco TelePresence Video Communication Server (VCS) uses the same default X.509 certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate's trust relationship, aka Bug ID CSCue07471. | Telepresence_video_communication_server | N/A | ||
| 2012-03-01 | CVE-2012-0331 | Cisco TelePresence Video Communication Server with software before X7.0.1 allows remote attackers to cause a denial of service (device crash) via a crafted SIP packet, as demonstrated by a SIP INVITE message from a Tandberg device, aka Bug ID CSCtq73319. | Telepresence_system_software, Telepresence_video_communication_server | N/A | ||
| 2012-03-01 | CVE-2012-0330 | Cisco TelePresence Video Communication Server with software before X7.0.1 allows remote attackers to cause a denial of service (device crash) via a malformed SIP message, aka Bug ID CSCtr20426. | Telepresence_system_software, Telepresence_video_communication_server | N/A |