CVSS: 6.5EPSS: 1%CPEs: 6EXPL: 0CVE-2017-12359
https://notcve.org/view.php?id=CVE-2017-12359
30 Nov 2017 — A Buffer Overflow vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (.arf) files could allow an attacker to execute arbitrary code on a system. An attacker could exploit this vulnerability by providing a user with a malicious .arf file via email or URL and convincing the user to launch the file. Exploitation of this vulnerability could allow arbitrary code execution on the system of the targeted user. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisc... • http://www.securityfocus.com/bid/102186 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12362
https://notcve.org/view.php?id=CVE-2017-12362
30 Nov 2017 — A vulnerability in Cisco Meeting Server versions prior to 2.2.2 could allow an authenticated, remote attacker to cause the system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to video calls being made on systems with a particular configuration. An attacker could exploit this by knowing a valid URI that directs to a Cisco Meeting Server. An attacker could then make a video call and cause the system to reload. Cisco Bug IDs: CSCve65931. • http://www.securityfocus.com/bid/101987 • CWE-399: Resource Management Errors •
CVSS: 5.8EPSS: 0%CPEs: 4EXPL: 0CVE-2017-12311
https://notcve.org/view.php?id=CVE-2017-12311
16 Nov 2017 — A vulnerability in the H.264 decoder function of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a Cisco Meeting Server media process to restart unexpectedly when it receives an illegal H.264 frame. The vulnerability is triggered by an H.264 frame that has an invalid picture parameter set (PPS) value. An attacker could exploit this vulnerability by sending a malformed H.264 frame to the targeted device. An exploit could allow the attacker to cause a denial of service (DoS) cond... • http://www.securityfocus.com/bid/101855 • CWE-20: Improper Input Validation CWE-399: Resource Management Errors •
CVSS: 5.3EPSS: 1%CPEs: 1EXPL: 0CVE-2017-12264
https://notcve.org/view.php?id=CVE-2017-12264
05 Oct 2017 — A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient bound checks performed by the affected software. An attacker could exploit this vulnerability by sending a malicious HTTP packet to the affected system. A successful exploit could allow the attacker to cause a reload of the Web Admin Server. Cisco Bug IDs: CSCve89149. • http://www.securityfocus.com/bid/101148 • CWE-20: Improper Input Validation •
CVSS: 9.1EPSS: 1%CPEs: 18EXPL: 0CVE-2017-12249
https://notcve.org/view.php?id=CVE-2017-12249
13 Sep 2017 — A vulnerability in the Traversal Using Relay NAT (TURN) server included with Cisco Meeting Server (CMS) could allow an authenticated, remote attacker to gain unauthenticated or unauthorized access to components of or sensitive information in an affected system. The vulnerability is due to an incorrect default configuration of the TURN server, which could expose internal interfaces and ports on the external interface of an affected system. An attacker could exploit this vulnerability by using a TURN server t... • http://www.securityfocus.com/bid/100821 • CWE-16: Configuration CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12224
https://notcve.org/view.php?id=CVE-2017-12224
07 Sep 2017 — A vulnerability in the ability for guest users to join meetings via a hyperlink with Cisco Meeting Server could allow an authenticated, remote attacker to enter a meeting with a hyperlink URL, even though access should be denied. The vulnerability is due to the incorrect implementation of the configuration setting Guest access via hyperlinks, which should allow the administrative user to prevent guest users from using hyperlinks to connect to meetings. An attacker could exploit this vulnerability by using a... • http://www.securityfocus.com/bid/100657 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.2EPSS: 0%CPEs: 30EXPL: 0CVE-2017-6794
https://notcve.org/view.php?id=CVE-2017-6794
07 Sep 2017 — A vulnerability in the CLI command-parsing code of Cisco Meeting Server could allow an authenticated, local attacker to perform command injection and escalate their privileges to root. The attacker must first authenticate to the application with valid administrator credentials. The vulnerability is due to insufficient validation of user-supplied input at the CLI for certain commands. An attacker could exploit this vulnerability by authenticating to the affected application and submitting a crafted CLI comma... • http://www.securityfocus.com/bid/100464 • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 0CVE-2017-6763
https://notcve.org/view.php?id=CVE-2017-6763
07 Aug 2017 — A vulnerability in the implementation of the H.264 protocol in Cisco Meeting Server (CMS) 2.1.4 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability exists because the affected application does not properly validate Fragmentation Unit (FU-A) protocol packets. An attacker could exploit this vulnerability by sending a crafted H.264 FU-A packet through the affected application. A successful exploit could allow the attacker to caus... • http://www.securityfocus.com/bid/100111 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 16%CPEs: 63EXPL: 0CVE-2017-6753
https://notcve.org/view.php?id=CVE-2017-6753
25 Jul 2017 — A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server, Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center), and Cisco WebEx Meetings when they are running on Microsoft Windows. The vulnerability is due to a design defec... • http://www.securityfocus.com/bid/99614 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-3830
https://notcve.org/view.php?id=CVE-2017-3830
22 Feb 2017 — A vulnerability in an internal API of the Cisco Meeting Server (CMS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected appliance. More Information: CSCvc89678. Known Affected Releases: 2.1. Known Fixed Releases: 2.1.2. Una vulnerabilidad en una API interna de Cisco Meeting Server (CMS) podría permitir a un atacante remoto no autenticado provocar una condición de denegación de servicio (DoS) en la aplicación afectada. • http://www.securityfocus.com/bid/96242 • CWE-20: Improper Input Validation •