CVSS: 7.8EPSS: 0%CPEs: 67EXPL: 0CVE-2017-6648
https://notcve.org/view.php?id=CVE-2017-6648
A vulnerability in the Session Initiation Protocol (SIP) of the Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause a TelePresence endpoint to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of flow-control mechanisms within the software. An attacker could exploit this vulnerability by sending a flood of SIP INVITE packets to the affected device. An exploit could allow the attacker to impact the availability of services and data of the device, including a complete DoS condition. This vulnerability affects the following Cisco TC and CE platforms when running software versions prior to TC 7.3.8 and CE 8.3.0. • http://www.securityfocus.com/bid/98934 http://www.securitytracker.com/id/1038624 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-tele • CWE-399: Resource Management Errors •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2016-6459
https://notcve.org/view.php?id=CVE-2016-6459
Cisco TelePresence endpoints running either CE or TC software contain a vulnerability that could allow an authenticated, local attacker to execute a local shell command injection. More Information: CSCvb25010. Known Affected Releases: 8.1.x. Known Fixed Releases: 6.3.4 7.3.7 8.2.2 8.3.0. Los puntos finales de Cisco TelePresence que ejecutan cualquiera de los software CE o TC contienen una vulnerabilidad que podría permitir a un atacante local autenticado ejecutar una inyección de comando shell local. • http://www.securityfocus.com/bid/94075 http://www.securitytracker.com/id/1037187 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-tp • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •