NotCVE - vendor:"Cisco" product:"Meeting Server" version:" >= 2.2.0

Page 2 of 13 results (0.023 seconds)

CVSS: 5.8EPSS: 0%CPEs: 4EXPL: 0

CVE-2017-12311

https://notcve.org/view.php?id=CVE-2017-12311

16 Nov 2017 — A vulnerability in the H.264 decoder function of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a Cisco Meeting Server media process to restart unexpectedly when it receives an illegal H.264 frame. The vulnerability is triggered by an H.264 frame that has an invalid picture parameter set (PPS) value. An attacker could exploit this vulnerability by sending a malformed H.264 frame to the targeted device. An exploit could allow the attacker to cause a denial of service (DoS) cond... • http://www.securityfocus.com/bid/101855 • CWE-20: Improper Input Validation CWE-399: Resource Management Errors •

CVSS: 9.1EPSS: 1%CPEs: 18EXPL: 0

CVE-2017-12249

https://notcve.org/view.php?id=CVE-2017-12249

13 Sep 2017 — A vulnerability in the Traversal Using Relay NAT (TURN) server included with Cisco Meeting Server (CMS) could allow an authenticated, remote attacker to gain unauthenticated or unauthorized access to components of or sensitive information in an affected system. The vulnerability is due to an incorrect default configuration of the TURN server, which could expose internal interfaces and ports on the external interface of an affected system. An attacker could exploit this vulnerability by using a TURN server t... • http://www.securityfocus.com/bid/100821 • CWE-16: Configuration CWE-668: Exposure of Resource to Wrong Sphere •

CVSS: 7.2EPSS: 0%CPEs: 30EXPL: 0

CVE-2017-6794

https://notcve.org/view.php?id=CVE-2017-6794

07 Sep 2017 — A vulnerability in the CLI command-parsing code of Cisco Meeting Server could allow an authenticated, local attacker to perform command injection and escalate their privileges to root. The attacker must first authenticate to the application with valid administrator credentials. The vulnerability is due to insufficient validation of user-supplied input at the CLI for certain commands. An attacker could exploit this vulnerability by authenticating to the affected application and submitting a crafted CLI comma... • http://www.securityfocus.com/bid/100464 • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

1 2