CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20806 – Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities
https://notcve.org/view.php?id=CVE-2022-20806
27 May 2022 — Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en la API y en las interfaces de gestión basadas en la web de la serie Expressway de Cisco y del servidor de comunicacio... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-filewrite-bsFVwueV • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20809 – Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities
https://notcve.org/view.php?id=CVE-2022-20809
26 May 2022 — Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Varias vulnerabilidades en la API y en las interfaces de administración basadas en la web de la serie Expressway de Cisco y del servidor de comunic... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-filewrite-bsFVwueV • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20755 – Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities
https://notcve.org/view.php?id=CVE-2022-20755
06 Apr 2022 — Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read/write privileges to the application to write files or execute arbitrary code on the underlying operating system of an affected device as the root user. For more information about these vulnerabilities, see the Details section of this advisory. Varias vulnerabilidades en la API y en las interfaces de ... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-filewrite-87Q5YRk • CWE-23: Relative Path Traversal •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20754 – Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities
https://notcve.org/view.php?id=CVE-2022-20754
06 Apr 2022 — Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read/write privileges to the application to write files or execute arbitrary code on the underlying operating system of an affected device as the root user. For more information about these vulnerabilities, see the Details section of this advisory. Varias vulnerabilidades en la API y en las interfaces de ... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-filewrite-87Q5YRk • CWE-23: Relative Path Traversal •
CVSS: 9.0EPSS: 1%CPEs: 2EXPL: 0CVE-2021-34716 – Cisco Expressway Series and TelePresence Video Communication Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-34716
18 Aug 2021 — A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as the root user. This vulnerability is due to incorrect handling of certain crafted software images that are uploaded to the affected device. An attacker could exploit this vulnerability by authenticating to the system as an administrative user and then uploading spe... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewrce-QPynNCjh • CWE-460: Improper Cleanup on Thrown Exception CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2021-34715 – Cisco Expressway Series and TelePresence Video Communication Server Image Verification Vulnerability
https://notcve.org/view.php?id=CVE-2021-34715
18 Aug 2021 — A vulnerability in the image verification function of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to execute code with internal user privileges on the underlying operating system. The vulnerability is due to insufficient validation of the content of upgrade packages. An attacker could exploit this vulnerability by uploading a malicious archive to the Upgrade page of the administrative web interface. A successful exploit could ... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewver-c6WZPXRx • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-3482 – Cisco Expressway Software Unauthorized Access Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-3482
18 Nov 2020 — A vulnerability in the Traversal Using Relays around NAT (TURN) server component of Cisco Expressway software could allow an unauthenticated, remote attacker to bypass security controls and send network traffic to restricted destinations. The vulnerability is due to improper validation of specific connection information by the TURN server within the affected software. An attacker could exploit this issue by sending specially crafted network traffic to the affected software. A successful exploit could allow ... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-Expressway-8J3yZ7hV • CWE-269: Improper Privilege Management CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-3596 – Cisco Expressway Series and TelePresence Video Communication Server Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3596
08 Oct 2020 — A vulnerability in the Session Initiation Protocol (SIP) of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect handling of incoming SIP traffic. An attacker could exploit this vulnerability by sending a series of SIP packets to an affected device. A successful exploit could allow the attacker to exhaust memory on an affected de... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-vcs-dos-n6xxTMZB • CWE-670: Always-Incorrect Control Flow Implementation CWE-789: Memory Allocation with Excessive Size Value •
CVSS: 9.0EPSS: 3%CPEs: 1EXPL: 0CVE-2011-2538
https://notcve.org/view.php?id=CVE-2011-2538
28 Oct 2019 — Cisco Video Communications Server (VCS) before X7.0.3 contains a command injection vulnerability which allows remote, authenticated attackers to execute arbitrary commands. Cisco Video Communications Server (VCS) versiones anteriores a X7.0.3, contiene una vulnerabilidad de inyección de comandos lo que permite a atacantes remotos y autenticados ejecutar comandos arbitrarios. • https://www.cisco.com/c/dam/en/us/td/docs/telepresence/infrastructure/vcs/release_note/Cisco_VCS_Release_Note_X7-0-3.pdf • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-12705 – Cisco Expressway Series and TelePresence Video Communication Server Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2019-12705
16 Oct 2019 — A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user o... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-vcs-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •