CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1872 – Cisco TelePresence Video Communication Server and Cisco Expressway Series Server-Side Request Forgery Vulnerability
https://notcve.org/view.php?id=CVE-2019-1872
05 Jun 2019 — A vulnerability in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway Series software could allow an unauthenticated, remote attacker to cause an affected system to send arbitrary network requests. The vulnerability is due to improper restrictions on network services in the affected software. An attacker could exploit this vulnerability by sending malicious requests to the affected system. A successful exploit could allow the attacker to send arbitrary network requests sourced from the... • http://www.securityfocus.com/bid/108677 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 8.6EPSS: 9%CPEs: 2EXPL: 0CVE-2019-1845 – Cisco Unified Communications Manager IM&P Service, Cisco TelePresence VCS, and Cisco Expressway Series Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1845
05 Jun 2019 — A vulnerability in the authentication service of the Cisco Unified Communications Manager IM and Presence (Unified CM IM&P) Service, Cisco TelePresence Video Communication Server (VCS), and Cisco Expressway Series could allow an unauthenticated, remote attacker to cause a service outage for users attempting to authenticate, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient controls for specific memory operations. An attacker could exploit this vulnerability by se... • http://www.securityfocus.com/bid/108615 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2019-1854 – Cisco Expressway Series Directory Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2019-1854
03 May 2019 — A vulnerability in the management web interface of Cisco Expressway Series could allow an authenticated, remote attacker to perform a directory traversal attack against an affected device. The vulnerability is due to insufficient input validation on the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface. A successful exploit could allow the attacker to bypass security restrictions and access the web interface of a Cisco Unified Communications M... • https://packetstorm.news/files/id/152963 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1720 – Cisco Expressway Series and Cisco TelePresence Video Communication Server Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1720
18 Apr 2019 — A vulnerability in the XML API of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to cause the CPU to increase to 100% utilization, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to improper handling of the XML input. An attacker could exploit this vulnerability by sending a specifically crafted XML payload. A successful exploit could allow the attacker to exhaust CPU resources, resulti... • http://www.securityfocus.com/bid/108002 • CWE-20: Improper Input Validation •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1721 – Cisco Expressway Series and Cisco TelePresence Video Communication Server Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1721
18 Apr 2019 — A vulnerability in the phone book feature of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to cause the CPU to increase to 100% utilization, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to improper handling of the XML input. An attacker could exploit this vulnerability by sending a Session Initiation Protocol (SIP) message with a crafted XML payload to an affected device. A successf... • http://www.securityfocus.com/bid/108016 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-1722 – Cisco Expressway Series and Cisco TelePresence Video Communication Server Cross-Site Request Forgery Vulnerability
https://notcve.org/view.php?id=CVE-2019-1722
18 Apr 2019 — A vulnerability in the FindMe feature of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to follow a maliciously crafted ... • http://www.securityfocus.com/bid/108006 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2019-1679 – Cisco TelePresence Conductor, Cisco Expressway Series, and Cisco TelePresence Video Communication Server REST API Server-Side Request Forgery Vulnerability
https://notcve.org/view.php?id=CVE-2019-1679
07 Feb 2019 — A vulnerability in the web interface of Cisco TelePresence Conductor, Cisco Expressway Series, and Cisco TelePresence Video Communication Server (VCS) Software could allow an authenticated, remote attacker to trigger an HTTP request from an affected server to an arbitrary host. This type of attack is commonly referred to as server-side request forgery (SSRF). The vulnerability is due to insufficient access controls for the REST API of Cisco Expressway Series and Cisco TelePresence VCS. An attacker could exp... • http://www.securityfocus.com/bid/106940 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.2EPSS: 1%CPEs: 3EXPL: 0CVE-2018-15430 – Cisco Expressway Series and Cisco TelePresence Video Communication Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-15430
05 Oct 2018 — A vulnerability in the administrative web interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to execute code with user-level privileges on the underlying operating system. The vulnerability is due to insufficient validation of the content of upgrade packages. An attacker could exploit this vulnerability by uploading a malicious archive to the Upgrade page of the administrative web interface. A successful exploit could al... • http://www.securitytracker.com/id/1041784 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 13EXPL: 0CVE-2018-0409
https://notcve.org/view.php?id=CVE-2018-0409
15 Aug 2018 — A vulnerability in the XCP Router service of the Cisco Unified Communications Manager IM & Presence Service (CUCM IM&P) and the Cisco TelePresence Video Communication Server (VCS) and Expressway could allow an unauthenticated, remote attacker to cause a temporary service outage for all IM&P users, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a malicious IPv4 or IPv6 packet to ... • http://www.securityfocus.com/bid/105102 • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 6%CPEs: 127EXPL: 0CVE-2018-5390 – Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service
https://notcve.org/view.php?id=CVE-2018-5390
06 Aug 2018 — Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service. El kernel de Linux en versiones 4.9 y siguientes pueden forzarse a realizar llamadas muy caras a tcp_collapse_ofo_queue() y tcp_prune_ofo_queue() para cada paquete entrante, lo que puede conducir a una denegación de servicio. A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP pac... • http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt • CWE-400: Uncontrolled Resource Consumption •