CVSS: 7.8EPSS: 0%CPEs: 67EXPL: 0CVE-2017-6648
https://notcve.org/view.php?id=CVE-2017-6648
08 Jun 2017 — A vulnerability in the Session Initiation Protocol (SIP) of the Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause a TelePresence endpoint to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of flow-control mechanisms within the software. An attacker could exploit this vulnerability by sending a flood of SIP INVITE packets to the affected device. An exploit could allow the at... • http://www.securityfocus.com/bid/98934 • CWE-399: Resource Management Errors •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2016-6459
https://notcve.org/view.php?id=CVE-2016-6459
19 Nov 2016 — Cisco TelePresence endpoints running either CE or TC software contain a vulnerability that could allow an authenticated, local attacker to execute a local shell command injection. More Information: CSCvb25010. Known Affected Releases: 8.1.x. Known Fixed Releases: 6.3.4 7.3.7 8.2.2 8.3.0. Los puntos finales de Cisco TelePresence que ejecutan cualquiera de los software CE o TC contienen una vulnerabilidad que podría permitir a un atacante local autenticado ejecutar una inyección de comando shell local. • http://www.securityfocus.com/bid/94075 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 1%CPEs: 6EXPL: 0CVE-2016-1387
https://notcve.org/view.php?id=CVE-2016-1387
05 May 2016 — The XML API in TelePresence Codec (TC) 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, and 7.3.5 and Collaboration Endpoint (CE) 8.0.0, 8.0.1, and 8.1.0 in Cisco TelePresence Software mishandles authentication, which allows remote attackers to execute control commands or make configuration changes via an API request, aka Bug ID CSCuz26935. La API XML en TelePresence Codec (TC) 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4 y 7.3.5 y Collaboration Endpoint (CE) 8.0.0, 8.0.1 y 8.1.0 en Cisco TelePresence So... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-tpxml • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2015-4271
https://notcve.org/view.php?id=CVE-2015-4271
15 Jul 2015 — Cisco TelePresence TC before 7.3.4 on Integrator C devices allows remote attackers to bypass authentication via vectors involving multiple request parameters, aka Bug ID CSCuv00604. Cisco TelePresence TC anterior a 7.3.4 en dispositivos Integrator C permite a atacantes remotos eludir la autenticación a través de vectores que involucran múltiples parámetros de petición, también conocido como Bug ID CSCuv00604. • http://tools.cisco.com/security/center/viewAlert.x?alertId=39880 • CWE-284: Improper Access Control •