CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20754 – Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities
https://notcve.org/view.php?id=CVE-2022-20754
06 Apr 2022 — Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read/write privileges to the application to write files or execute arbitrary code on the underlying operating system of an affected device as the root user. For more information about these vulnerabilities, see the Details section of this advisory. Varias vulnerabilidades en la API y en las interfaces de ... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-filewrite-87Q5YRk • CWE-23: Relative Path Traversal •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2021-34715 – Cisco Expressway Series and TelePresence Video Communication Server Image Verification Vulnerability
https://notcve.org/view.php?id=CVE-2021-34715
18 Aug 2021 — A vulnerability in the image verification function of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to execute code with internal user privileges on the underlying operating system. The vulnerability is due to insufficient validation of the content of upgrade packages. An attacker could exploit this vulnerability by uploading a malicious archive to the Upgrade page of the administrative web interface. A successful exploit could ... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewver-c6WZPXRx • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-3482 – Cisco Expressway Software Unauthorized Access Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-3482
18 Nov 2020 — A vulnerability in the Traversal Using Relays around NAT (TURN) server component of Cisco Expressway software could allow an unauthenticated, remote attacker to bypass security controls and send network traffic to restricted destinations. The vulnerability is due to improper validation of specific connection information by the TURN server within the affected software. An attacker could exploit this issue by sending specially crafted network traffic to the affected software. A successful exploit could allow ... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-Expressway-8J3yZ7hV • CWE-269: Improper Privilege Management CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-3596 – Cisco Expressway Series and TelePresence Video Communication Server Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3596
08 Oct 2020 — A vulnerability in the Session Initiation Protocol (SIP) of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect handling of incoming SIP traffic. An attacker could exploit this vulnerability by sending a series of SIP packets to an affected device. A successful exploit could allow the attacker to exhaust memory on an affected de... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-vcs-dos-n6xxTMZB • CWE-670: Always-Incorrect Control Flow Implementation CWE-789: Memory Allocation with Excessive Size Value •
CVSS: 9.0EPSS: 3%CPEs: 1EXPL: 0CVE-2011-2538
https://notcve.org/view.php?id=CVE-2011-2538
28 Oct 2019 — Cisco Video Communications Server (VCS) before X7.0.3 contains a command injection vulnerability which allows remote, authenticated attackers to execute arbitrary commands. Cisco Video Communications Server (VCS) versiones anteriores a X7.0.3, contiene una vulnerabilidad de inyección de comandos lo que permite a atacantes remotos y autenticados ejecutar comandos arbitrarios. • https://www.cisco.com/c/dam/en/us/td/docs/telepresence/infrastructure/vcs/release_note/Cisco_VCS_Release_Note_X7-0-3.pdf • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-12705 – Cisco Expressway Series and TelePresence Video Communication Server Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2019-12705
16 Oct 2019 — A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user o... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-vcs-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1872 – Cisco TelePresence Video Communication Server and Cisco Expressway Series Server-Side Request Forgery Vulnerability
https://notcve.org/view.php?id=CVE-2019-1872
05 Jun 2019 — A vulnerability in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway Series software could allow an unauthenticated, remote attacker to cause an affected system to send arbitrary network requests. The vulnerability is due to improper restrictions on network services in the affected software. An attacker could exploit this vulnerability by sending malicious requests to the affected system. A successful exploit could allow the attacker to send arbitrary network requests sourced from the... • http://www.securityfocus.com/bid/108677 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1720 – Cisco Expressway Series and Cisco TelePresence Video Communication Server Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1720
18 Apr 2019 — A vulnerability in the XML API of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to cause the CPU to increase to 100% utilization, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to improper handling of the XML input. An attacker could exploit this vulnerability by sending a specifically crafted XML payload. A successful exploit could allow the attacker to exhaust CPU resources, resulti... • http://www.securityfocus.com/bid/108002 • CWE-20: Improper Input Validation •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1721 – Cisco Expressway Series and Cisco TelePresence Video Communication Server Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1721
18 Apr 2019 — A vulnerability in the phone book feature of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to cause the CPU to increase to 100% utilization, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to improper handling of the XML input. An attacker could exploit this vulnerability by sending a Session Initiation Protocol (SIP) message with a crafted XML payload to an affected device. A successf... • http://www.securityfocus.com/bid/108016 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-1722 – Cisco Expressway Series and Cisco TelePresence Video Communication Server Cross-Site Request Forgery Vulnerability
https://notcve.org/view.php?id=CVE-2019-1722
18 Apr 2019 — A vulnerability in the FindMe feature of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to follow a maliciously crafted ... • http://www.securityfocus.com/bid/108006 • CWE-352: Cross-Site Request Forgery (CSRF) •