CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-3482 – Cisco Expressway Software Unauthorized Access Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-3482
A vulnerability in the Traversal Using Relays around NAT (TURN) server component of Cisco Expressway software could allow an unauthenticated, remote attacker to bypass security controls and send network traffic to restricted destinations. The vulnerability is due to improper validation of specific connection information by the TURN server within the affected software. An attacker could exploit this issue by sending specially crafted network traffic to the affected software. A successful exploit could allow the attacker to send traffic through the affected software to destinations beyond the application, possibly allowing the attacker to gain unauthorized network access. Una vulnerabilidad en el componente servidor Traversal Using Relays around NAT (TURN) del software Cisco Expressway, podría permitir a un atacante remoto no autenticado omitir los controles de seguridad y enviar tráfico de red hacia destinos restringidos. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-Expressway-8J3yZ7hV • CWE-269: Improper Privilege Management CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-3596 – Cisco Expressway Series and TelePresence Video Communication Server Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3596
A vulnerability in the Session Initiation Protocol (SIP) of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect handling of incoming SIP traffic. An attacker could exploit this vulnerability by sending a series of SIP packets to an affected device. A successful exploit could allow the attacker to exhaust memory on an affected device, causing it to crash and leading to a DoS condition. Una vulnerabilidad en el Session Initiation Protocol (SIP) de Cisco Expressway Series y Cisco TelePresence Video Communication Server (VCS), podría permitir a un atacante remoto no autenticado causar una condición de denegación de servicio (DoS) en un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-vcs-dos-n6xxTMZB • CWE-670: Always-Incorrect Control Flow Implementation CWE-789: Memory Allocation with Excessive Size Value •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2011-2538
https://notcve.org/view.php?id=CVE-2011-2538
Cisco Video Communications Server (VCS) before X7.0.3 contains a command injection vulnerability which allows remote, authenticated attackers to execute arbitrary commands. Cisco Video Communications Server (VCS) versiones anteriores a X7.0.3, contiene una vulnerabilidad de inyección de comandos lo que permite a atacantes remotos y autenticados ejecutar comandos arbitrarios. • https://www.cisco.com/c/dam/en/us/td/docs/telepresence/infrastructure/vcs/release_note/Cisco_VCS_Release_Note_X7-0-3.pdf • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-12705 – Cisco Expressway Series and TelePresence Video Communication Server Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2019-12705
A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. Una vulnerabilidad en la interfaz de administración basada en web de Cisco Expressway Series y Cisco TelePresence Video Communication Server (VCS), podría permitir a un atacante remoto no autenticado conducir un ataque de tipo cross-site scripting (XSS) contra un usuario de la interfaz de administración basada en web de un sistema afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-vcs-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1872 – Cisco TelePresence Video Communication Server and Cisco Expressway Series Server-Side Request Forgery Vulnerability
https://notcve.org/view.php?id=CVE-2019-1872
A vulnerability in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway Series software could allow an unauthenticated, remote attacker to cause an affected system to send arbitrary network requests. The vulnerability is due to improper restrictions on network services in the affected software. An attacker could exploit this vulnerability by sending malicious requests to the affected system. A successful exploit could allow the attacker to send arbitrary network requests sourced from the affected system. Una vulnerabilidad en los programas TelePresence Video Communication Server (VCS) y Expressway Series de Cisco, podría permitir a un atacante remoto no identificado causar que un sistema afectado envíe peticiones de red arbitrarias. • http://www.securityfocus.com/bid/108677 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190605-vcs • CWE-918: Server-Side Request Forgery (SSRF) •