CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-20255
https://notcve.org/view.php?id=CVE-2023-20255
01 Nov 2023 — A vulnerability in an API of the Web Bridge feature of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP packets to an affected device. A successful exploit could allow the attacker to cause a partial availability condition, which could cause ongoing video calls to be dropped due to the invalid packets rea... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cms-segfault-G6ES4Ve8 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-40122 – Cisco Meeting Server Call Bridge Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-40122
21 Oct 2021 — A vulnerability in an API of the Call Bridge feature of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper handling of large series of message requests. An attacker could exploit this vulnerability by sending a series of messages to the vulnerable API. A successful exploit could allow the attacker to cause the affected device to reload, dropping all ongoing calls and resulting in a DoS condition. Una vulner... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cms-LAHe8z5v • CWE-399: Resource Management Errors CWE-404: Improper Resource Shutdown or Release •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-1524 – Cisco Meeting Server API Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-1524
16 Jun 2021 — A vulnerability in the API of Cisco Meeting Server could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because requests that are sent to the API are not properly validated. An attacker could exploit this vulnerability by sending a malicious request to the API. A successful exploit could allow the attacker to cause all participants on a call to be disconnected, resulting in a DoS condition. Una vulnerabilidad en la API de... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meetingserver-dos-NzVWMMQT • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-3197 – Cisco Meetings App Missing TURN Server Credentials Expiration Vulnerability
https://notcve.org/view.php?id=CVE-2020-3197
16 Jul 2020 — A vulnerability in the API subsystem of Cisco Meetings App could allow an unauthenticated, remote attacker to retain and reuse the Traversal Using Relay NAT (TURN) server credentials that are configured in an affected system. The vulnerability is due to insufficient protection mechanisms for the TURN server credentials. An attacker could exploit this vulnerability by intercepting the legitimate traffic that is generated by an affected system. An exploit could allow the attacker to obtain the TURN server cre... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cma-turn-crdls-RHjSzKXn • CWE-287: Improper Authentication •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-3160 – Cisco Meeting Server Extensible Messaging and Presence Protocol Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3160
19 Feb 2020 — A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) feature of Cisco Meeting Server software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition for users of XMPP conferencing applications. Other applications and processes are unaffected. The vulnerability is due to improper input validation of XMPP packets. An attacker could exploit this vulnerability by sending crafted XMPP packets to an affected device. An exploit could allow the attacker to c... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cms-xmpp-dos-ptfGUsBx • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2019-15987 – Cisco WebEx Centers Username Enumeration Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2019-15987
26 Nov 2019 — A vulnerability in web interface of the Cisco Webex Event Center, Cisco Webex Meeting Center, Cisco Webex Support Center, and Cisco Webex Training Center could allow an unauthenticated, remote attacker to guess account usernames. The vulnerability is due to missing CAPTCHA protection in certain URLs. An attacker could exploit this vulnerability by sending a crafted request to the web interface. A successful exploit could allow the attacker to know if a given username is valid and find the real name of the u... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-webex-centers-infodis • CWE-287: Improper Authentication •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2019-1623 – Cisco Meeting Server CLI Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-1623
20 Jun 2019 — A vulnerability in the CLI configuration shell of Cisco Meeting Server could allow an authenticated, local attacker to inject arbitrary commands as the root user. The vulnerability is due to insufficient input validation during the execution of a vulnerable CLI command. An attacker with administrator-level credentials could exploit this vulnerability by injecting crafted arguments during command execution. A successful exploit could allow the attacker to perform arbitrary code execution as root on an affect... • http://www.securityfocus.com/bid/108840 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1794 – Cisco Directory Connector Search Order Hijacking Vulnerability
https://notcve.org/view.php?id=CVE-2019-1794
18 Apr 2019 — A vulnerability in the search path processing of Cisco Directory Connector could allow an authenticated, local attacker to load a binary of their choosing. The vulnerability is due to uncontrolled search path elements. An attacker could exploit this vulnerability by placing a binary of their choosing earlier in the search path utilized by Cisco Directory Connector to locate and load required resources. Una vulnerabilidad en el proceso de búsqueda de ruta (search path) de Directory Connector de Cisco, podría... • http://www.securityfocus.com/bid/108032 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1676 – Cisco Meeting Server SIP Processing Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1676
08 Feb 2019 — A vulnerability in the Session Initiation Protocol (SIP) call processing of Cisco Meeting Server (CMS) software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition of the Cisco Meeting Server. The vulnerability is due to insufficient validation of Session Description Protocol (SDP) messages. An attacker could exploit this vulnerability by sending a crafted SDP message to the CMS call bridge. An exploit could allow the attacker to cause the CMS to reload, causing a Do... • http://www.securityfocus.com/bid/106909 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1678 – Cisco Meeting Server Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1678
07 Feb 2019 — A vulnerability in Cisco Meeting Server could allow an authenticated, remote attacker to cause a partial denial of service (DoS) to Cisco Meetings application users who are paired with a Session Initiation Protocol (SIP) endpoint. The vulnerability is due to improper validation of coSpaces configuration parameters. An attacker could exploit this vulnerability by inserting crafted strings in specific coSpace parameters. An exploit could allow the attacker to prevent clients from joining a conference call in ... • http://www.securityfocus.com/bid/106943 • CWE-20: Improper Input Validation •