CVSS: 5.8EPSS: 0%CPEs: 4EXPL: 0CVE-2017-12311
https://notcve.org/view.php?id=CVE-2017-12311
16 Nov 2017 — A vulnerability in the H.264 decoder function of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a Cisco Meeting Server media process to restart unexpectedly when it receives an illegal H.264 frame. The vulnerability is triggered by an H.264 frame that has an invalid picture parameter set (PPS) value. An attacker could exploit this vulnerability by sending a malformed H.264 frame to the targeted device. An exploit could allow the attacker to cause a denial of service (DoS) cond... • http://www.securityfocus.com/bid/101855 • CWE-20: Improper Input Validation CWE-399: Resource Management Errors •
CVSS: 9.1EPSS: 1%CPEs: 18EXPL: 0CVE-2017-12249
https://notcve.org/view.php?id=CVE-2017-12249
13 Sep 2017 — A vulnerability in the Traversal Using Relay NAT (TURN) server included with Cisco Meeting Server (CMS) could allow an authenticated, remote attacker to gain unauthenticated or unauthorized access to components of or sensitive information in an affected system. The vulnerability is due to an incorrect default configuration of the TURN server, which could expose internal interfaces and ports on the external interface of an affected system. An attacker could exploit this vulnerability by using a TURN server t... • http://www.securityfocus.com/bid/100821 • CWE-16: Configuration CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.2EPSS: 0%CPEs: 30EXPL: 0CVE-2017-6794
https://notcve.org/view.php?id=CVE-2017-6794
07 Sep 2017 — A vulnerability in the CLI command-parsing code of Cisco Meeting Server could allow an authenticated, local attacker to perform command injection and escalate their privileges to root. The attacker must first authenticate to the application with valid administrator credentials. The vulnerability is due to insufficient validation of user-supplied input at the CLI for certain commands. An attacker could exploit this vulnerability by authenticating to the affected application and submitting a crafted CLI comma... • http://www.securityfocus.com/bid/100464 • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 0CVE-2017-6763
https://notcve.org/view.php?id=CVE-2017-6763
07 Aug 2017 — A vulnerability in the implementation of the H.264 protocol in Cisco Meeting Server (CMS) 2.1.4 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability exists because the affected application does not properly validate Fragmentation Unit (FU-A) protocol packets. An attacker could exploit this vulnerability by sending a crafted H.264 FU-A packet through the affected application. A successful exploit could allow the attacker to caus... • http://www.securityfocus.com/bid/100111 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-3830
https://notcve.org/view.php?id=CVE-2017-3830
22 Feb 2017 — A vulnerability in an internal API of the Cisco Meeting Server (CMS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected appliance. More Information: CSCvc89678. Known Affected Releases: 2.1. Known Fixed Releases: 2.1.2. Una vulnerabilidad en una API interna de Cisco Meeting Server (CMS) podría permitir a un atacante remoto no autenticado provocar una condición de denegación de servicio (DoS) en la aplicación afectada. • http://www.securityfocus.com/bid/96242 • CWE-20: Improper Input Validation •
CVSS: 8.1EPSS: 0%CPEs: 11EXPL: 0CVE-2017-3837
https://notcve.org/view.php?id=CVE-2017-3837
22 Feb 2017 — An HTTP Packet Processing vulnerability in the Web Bridge interface of the Cisco Meeting Server (CMS), formerly Acano Conferencing Server, could allow an authenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information. In addition, the attacker could potentially cause the application to crash unexpectedly, resulting in a denial of service (DoS) condition. The attacker would need to be authenticated and have a valid session with the Web Bridge. Affec... • http://www.securityfocus.com/bid/96243 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 6%CPEs: 5EXPL: 0CVE-2016-6447
https://notcve.org/view.php?id=CVE-2016-6447
03 Nov 2016 — A vulnerability in Cisco Meeting Server and Meeting App could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. This vulnerability affects the following products: Cisco Meeting Server releases prior to 2.0.1, Acano Server releases prior to 1.8.16 and prior to 1.9.3, Cisco Meeting App releases prior to 1.9.8, Acano Meeting Apps releases prior to 1.8.35. More Information: CSCva75942 CSCvb67878. Known Affected Releases: 1.81.92.0. Una vulnerabilidad en Cisco Meeting Ser... • http://www.securityfocus.com/bid/94073 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 6%CPEs: 9EXPL: 0CVE-2016-6448
https://notcve.org/view.php?id=CVE-2016-6448
03 Nov 2016 — A vulnerability in the Session Description Protocol (SDP) parser of Cisco Meeting Server could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. This vulnerability affects the following products: Cisco Meeting Server releases prior to Release 2.0.3, Acano Server releases 1.9.x prior to Release 1.9.5, Acano Server releases 1.8.x prior to Release 1.8.17. More Information: CSCva76004. Known Affected Releases: 1.8.x 1.92.0. Una vulnerabilidad en el analizador de Session ... • http://www.securityfocus.com/bid/94076 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2016-6444
https://notcve.org/view.php?id=CVE-2016-6444
27 Oct 2016 — A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a Web Bridge user. More Information: CSCvb03308. Known Affected Releases: 1.8, 1.9, 2.0. Una vulnerabilidad en Cisco Meeting Server podría permitir a un atacante remoto no autenticado llevar a cabo un ataque de CSRF contra un usuario Web Bridge. Más información: CSCvb03308. • http://www.securityfocus.com/bid/93785 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.1EPSS: 0%CPEs: 9EXPL: 0CVE-2016-6445
https://notcve.org/view.php?id=CVE-2016-6445
27 Oct 2016 — A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of the Cisco Meeting Server (CMS) before 2.0.6 and Acano Server before 1.8.18 and 1.9.x before 1.9.6 could allow an unauthenticated, remote attacker to masquerade as a legitimate user. This vulnerability is due to the XMPP service incorrectly processing a deprecated authentication scheme. A successful exploit could allow an attacker to access the system as another user. Una vulnerabilidad en el servicio Extensible Messaging y P... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-msc • CWE-20: Improper Input Validation •