CVSS: 9.1EPSS: 1%CPEs: 18EXPL: 0CVE-2017-12249
https://notcve.org/view.php?id=CVE-2017-12249
13 Sep 2017 — A vulnerability in the Traversal Using Relay NAT (TURN) server included with Cisco Meeting Server (CMS) could allow an authenticated, remote attacker to gain unauthenticated or unauthorized access to components of or sensitive information in an affected system. The vulnerability is due to an incorrect default configuration of the TURN server, which could expose internal interfaces and ports on the external interface of an affected system. An attacker could exploit this vulnerability by using a TURN server t... • http://www.securityfocus.com/bid/100821 • CWE-16: Configuration CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.2EPSS: 0%CPEs: 30EXPL: 0CVE-2017-6794
https://notcve.org/view.php?id=CVE-2017-6794
07 Sep 2017 — A vulnerability in the CLI command-parsing code of Cisco Meeting Server could allow an authenticated, local attacker to perform command injection and escalate their privileges to root. The attacker must first authenticate to the application with valid administrator credentials. The vulnerability is due to insufficient validation of user-supplied input at the CLI for certain commands. An attacker could exploit this vulnerability by authenticating to the affected application and submitting a crafted CLI comma... • http://www.securityfocus.com/bid/100464 • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •