CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-1722 – Cisco Expressway Series and Cisco TelePresence Video Communication Server Cross-Site Request Forgery Vulnerability
https://notcve.org/view.php?id=CVE-2019-1722
18 Apr 2019 — A vulnerability in the FindMe feature of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to follow a maliciously crafted ... • http://www.securityfocus.com/bid/108006 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.8EPSS: 6%CPEs: 127EXPL: 0CVE-2018-5390 – Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service
https://notcve.org/view.php?id=CVE-2018-5390
06 Aug 2018 — Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service. El kernel de Linux en versiones 4.9 y siguientes pueden forzarse a realizar llamadas muy caras a tcp_collapse_ofo_queue() y tcp_prune_ofo_queue() para cada paquete entrante, lo que puede conducir a una denegación de servicio. A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP pac... • http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt • CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2017-12287
https://notcve.org/view.php?id=CVE-2017-12287
19 Oct 2017 — A vulnerability in the cluster database (CDB) management component of Cisco Expressway Series Software and Cisco TelePresence Video Communication Server (VCS) Software could allow an authenticated, remote attacker to cause the CDB process on an affected system to restart unexpectedly, resulting in a temporary denial of service (DoS) condition. The vulnerability is due to incomplete input validation of URL requests by the REST API of the affected software. An attacker could exploit this vulnerability by send... • http://www.securityfocus.com/bid/101525 • CWE-20: Improper Input Validation CWE-399: Resource Management Errors •
CVSS: 8.6EPSS: 0%CPEs: 32EXPL: 0CVE-2017-3790
https://notcve.org/view.php?id=CVE-2017-3790
01 Feb 2017 — A vulnerability in the received packet parser of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) software could allow an unauthenticated, remote attacker to cause a reload of the affected system, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient size validation of user-supplied data. An attacker could exploit this vulnerability by sending crafted H.224 data in Real-Time Transport Protocol (RTP) packets in an H.323 call. An exploit coul... • http://www.securityfocus.com/bid/95786 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-399: Resource Management Errors •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-9207
https://notcve.org/view.php?id=CVE-2016-9207
14 Dec 2016 — A vulnerability in the HTTP traffic server component of Cisco Expressway could allow an unauthenticated, remote attacker to initiate TCP connections to arbitrary hosts. This does not allow for full traffic proxy through the Expressway. Affected Products: This vulnerability affects Cisco Expressway Series Software and Cisco TelePresence Video Communication Server (VCS). More Information: CSCvc10834. Known Affected Releases: X8.7.2 X8.8.3. • http://www.securityfocus.com/bid/94797 • CWE-20: Improper Input Validation CWE-254: 7PK - Security Features •
CVSS: 7.8EPSS: 1%CPEs: 3EXPL: 0CVE-2015-0652
https://notcve.org/view.php?id=CVE-2015-0652
13 Mar 2015 — The Session Description Protocol (SDP) implementation in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway before X8.2 and Cisco TelePresence Conductor before XC2.4 allows remote attackers to cause a denial of service (mishandled exception and device reload) via a crafted media description, aka Bug IDs CSCus96593 and CSCun73192. La implementación Session Description Protocol (SDP) en Cisco TelePresence Video Communication Server (VCS) y Cisco Expressway anterior a X8.2 y Cisco TelePre... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150311-vcs • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 4%CPEs: 8EXPL: 0CVE-2015-0653
https://notcve.org/view.php?id=CVE-2015-0653
13 Mar 2015 — The management interface in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway before X7.2.4, X8 before X8.1.2, and X8.2 before X8.2.2 and Cisco TelePresence Conductor before X2.3.1 and XC2.4 before XC2.4.1 allows remote attackers to bypass authentication via crafted login parameters, aka Bug IDs CSCur02680 and CSCur05556. La interfaz de gestión en Cisco TelePresence Video Communication Server (VCS) y Cisco Expressway anterior a X7.2.4, X8 anterior a X8.1.2, y X8.2 anterior a X8.2.2 y ... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150311-vcs • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2014-3368
https://notcve.org/view.php?id=CVE-2014-3368
19 Oct 2014 — Cisco TelePresence Video Communication Server (VCS) and Expressway Software before X8.2 allow remote attackers to cause a denial of service (device reload) via a high rate of crafted packets, aka Bug ID CSCui06507. Cisco TelePresence Video Communication Server (VCS) y Expressway Software anterior a X8.2 permiten a atacantes remotos causar una denegación de servicio (recarga del dispositivo) a través de una tasa alta de paquetes manipulados, también conocido como Bug ID CSCui06507. • http://secunia.com/advisories/60850 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-3369
https://notcve.org/view.php?id=CVE-2014-3369
19 Oct 2014 — The SIP IX implementation in Cisco TelePresence Video Communication Server (VCS) and Expressway Software before X8.1.1 allows remote attackers to cause a denial of service (device reload) via crafted SDP packets, aka Bug ID CSCuo42252. La implementación SIP IX en Cisco TelePresence Video Communication Server (VCS) y Expressway Software anterior a X8.1.1 permite a atacantes remotos causar una denegación de servicio (recarga del dispositivo) a través de paquetes SDP manipulados, también conocido como Bug ID C... • http://secunia.com/advisories/60850 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-3370
https://notcve.org/view.php?id=CVE-2014-3370
19 Oct 2014 — Cisco TelePresence Video Communication Server (VCS) and Expressway Software before X8.1.1 allow remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug IDs CSCum60442 and CSCum60447. Cisco TelePresence Video Communication Server (VCS) y Expressway Software anterior a X8.1.1 permiten a atacantes remotos causar una denegación de servicio (recarga del dispositivo) a través de paquetes SIP manipulados, también conocido como Bug IDs CSCum60442 y CSCum60447. • http://secunia.com/advisories/60850 • CWE-399: Resource Management Errors •