CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2019-1623 – Cisco Meeting Server CLI Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-1623
20 Jun 2019 — A vulnerability in the CLI configuration shell of Cisco Meeting Server could allow an authenticated, local attacker to inject arbitrary commands as the root user. The vulnerability is due to insufficient input validation during the execution of a vulnerable CLI command. An attacker with administrator-level credentials could exploit this vulnerability by injecting crafted arguments during command execution. A successful exploit could allow the attacker to perform arbitrary code execution as root on an affect... • http://www.securityfocus.com/bid/108840 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1794 – Cisco Directory Connector Search Order Hijacking Vulnerability
https://notcve.org/view.php?id=CVE-2019-1794
18 Apr 2019 — A vulnerability in the search path processing of Cisco Directory Connector could allow an authenticated, local attacker to load a binary of their choosing. The vulnerability is due to uncontrolled search path elements. An attacker could exploit this vulnerability by placing a binary of their choosing earlier in the search path utilized by Cisco Directory Connector to locate and load required resources. Una vulnerabilidad en el proceso de búsqueda de ruta (search path) de Directory Connector de Cisco, podría... • http://www.securityfocus.com/bid/108032 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1676 – Cisco Meeting Server SIP Processing Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1676
08 Feb 2019 — A vulnerability in the Session Initiation Protocol (SIP) call processing of Cisco Meeting Server (CMS) software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition of the Cisco Meeting Server. The vulnerability is due to insufficient validation of Session Description Protocol (SDP) messages. An attacker could exploit this vulnerability by sending a crafted SDP message to the CMS call bridge. An exploit could allow the attacker to cause the CMS to reload, causing a Do... • http://www.securityfocus.com/bid/106909 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1678 – Cisco Meeting Server Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1678
07 Feb 2019 — A vulnerability in Cisco Meeting Server could allow an authenticated, remote attacker to cause a partial denial of service (DoS) to Cisco Meetings application users who are paired with a Session Initiation Protocol (SIP) endpoint. The vulnerability is due to improper validation of coSpaces configuration parameters. An attacker could exploit this vulnerability by inserting crafted strings in specific coSpace parameters. An exploit could allow the attacker to prevent clients from joining a conference call in ... • http://www.securityfocus.com/bid/106943 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2018-15446 – Cisco Meeting Server Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2018-15446
08 Nov 2018 — A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper protections on data that is returned from user meeting requests when the Guest access via ID and passcode option is set to Legacy mode. An attacker could exploit this vulnerability by sending meeting requests to an affected system. A successful exploit could allow the attacker to determine the values of meeting room unique identifiers, possibly... • http://www.securityfocus.com/bid/105856 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-0439 – Cisco Meeting Server Cross-Site Request Forgery Vulnerability
https://notcve.org/view.php?id=CVE-2018-0439
05 Oct 2018 — A vulnerability in the web-based management interface of Cisco Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a customized link. A successful exploit could allow the attacker t... • http://www.securityfocus.com/bid/105287 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.8EPSS: 6%CPEs: 127EXPL: 0CVE-2018-5390 – Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service
https://notcve.org/view.php?id=CVE-2018-5390
06 Aug 2018 — Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service. El kernel de Linux en versiones 4.9 y siguientes pueden forzarse a realizar llamadas muy caras a tcp_collapse_ofo_queue() y tcp_prune_ofo_queue() para cada paquete entrante, lo que puede conducir a una denegación de servicio. A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP pac... • http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0CVE-2018-0379 – Cisco WebEx Recorder and Player ATDL2006 Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-0379
18 Jul 2018 — Multiple vulnerabilities exist in the Cisco Webex Network Recording Player for Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by providing a user with a malicious .arf or .wrf file via email or URL and convincing the user to launch the file in the Webex recording players. Exploitation of these vulnerabilities could allow arbitrary code execution on the system of a targeted user. These vulnerabilities affect ARF and WRF recording player... • http://www.securityfocus.com/bid/104853 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0359
https://notcve.org/view.php?id=CVE-2018-0359
21 Jun 2018 — A vulnerability in the session identification management functionality of the web-based management interface for Cisco Meeting Server could allow an unauthenticated, local attacker to hijack a valid user session identifier, aka Session Fixation. The vulnerability exists because the affected application does not assign a new session identifier to a user session when a user authenticates to the application. An attacker could exploit this vulnerability by using a hijacked session identifier to connect to the a... • http://www.securityfocus.com/bid/104583 • CWE-384: Session Fixation •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0371
https://notcve.org/view.php?id=CVE-2018-0371
21 Jun 2018 — A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of incoming HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the Web Admin Interface of an affected Cisco Meeting Server. A successful exploit could allow the attacker to restart the system, terminating all ongoing calls and resulting in a DoS condition... • http://www.securityfocus.com/bid/104582 • CWE-20: Improper Input Validation •