CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2019-1679 – Cisco TelePresence Conductor, Cisco Expressway Series, and Cisco TelePresence Video Communication Server REST API Server-Side Request Forgery Vulnerability
https://notcve.org/view.php?id=CVE-2019-1679
07 Feb 2019 — A vulnerability in the web interface of Cisco TelePresence Conductor, Cisco Expressway Series, and Cisco TelePresence Video Communication Server (VCS) Software could allow an authenticated, remote attacker to trigger an HTTP request from an affected server to an arbitrary host. This type of attack is commonly referred to as server-side request forgery (SSRF). The vulnerability is due to insufficient access controls for the REST API of Cisco Expressway Series and Cisco TelePresence VCS. An attacker could exp... • http://www.securityfocus.com/bid/106940 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 8.6EPSS: 0%CPEs: 32EXPL: 0CVE-2017-3790
https://notcve.org/view.php?id=CVE-2017-3790
01 Feb 2017 — A vulnerability in the received packet parser of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) software could allow an unauthenticated, remote attacker to cause a reload of the affected system, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient size validation of user-supplied data. An attacker could exploit this vulnerability by sending crafted H.224 data in Real-Time Transport Protocol (RTP) packets in an H.323 call. An exploit coul... • http://www.securityfocus.com/bid/95786 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-399: Resource Management Errors •
CVSS: 6.5EPSS: 0%CPEs: 18EXPL: 0CVE-2016-1444
https://notcve.org/view.php?id=CVE-2016-1444
07 Jul 2016 — The Mobile and Remote Access (MRA) component in Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7 and Expressway X8.1 through X8.6 mishandles certificates, which allows remote attackers to bypass authentication via an arbitrary trusted certificate, aka Bug ID CSCuz64601. El componente Mobile and Remote Access (MRA) en Cisco TelePresence Video Communication Server (VCS) X8.1 hasta la versión X8.7 y Expressway X8.1 hasta la versión X8.6 no maneja correctamente los certificados, lo que perm... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160706-vcs • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 14EXPL: 0CVE-2016-1400
https://notcve.org/view.php?id=CVE-2016-1400
25 May 2016 — Cisco TelePresence Video Communications Server (VCS) X8.x before X8.7.2 allows remote attackers to cause a denial of service (service disruption) via a crafted URI in a SIP header, aka Bug ID CSCuy43258. Cisco TelePresence Video Communications Server (VCS) X8.x en versiones anteriores a X8.7.2 permite a atacantes remotos provocar una denegación de servicio (interrupción de servicio) a través de una URL manipulada en una cabecera SIP, también conocida como Bug ID CSCuy43258. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160516-vcs • CWE-20: Improper Input Validation •
CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 0CVE-2016-1338
https://notcve.org/view.php?id=CVE-2016-1338
12 Mar 2016 — Cisco TelePresence Video Communication Server (VCS) X8.5.1 and X8.5.2 allows remote authenticated users to cause a denial of service (VoIP outage) via a crafted SIP message, aka Bug ID CSCuu43026. Cisco TelePresence Video Communication Server (VCS) X8.5.1 y X8.5.2 permite a usuarios remotos autenticados provocar una denegación de servicio (corte de VoIP) a través de un mensaje SIP manipulado, también conocida como Bug ID CSCuu43026. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160309-vcs • CWE-20: Improper Input Validation CWE-399: Resource Management Errors •
CVSS: 5.3EPSS: 0%CPEs: 13EXPL: 0CVE-2016-1316
https://notcve.org/view.php?id=CVE-2016-1316
09 Feb 2016 — Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7, as used in conjunction with Jabber Guest, allows remote attackers to obtain sensitive call-statistics information via a direct request to an unspecified URL, aka Bug ID CSCux73362. Cisco TelePresence Video Communication Server (VCS) X8.1 hasta la versión X8.7, tal como se utiliza en conjunción con Jabber Guest, permite a atacantes remotos obtener información de estadísticas de llamada sensible a través de una petición directa a una URL n... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160208-vcs • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6376
https://notcve.org/view.php?id=CVE-2015-6376
21 Nov 2015 — Cross-site request forgery (CSRF) vulnerability in Cisco TelePresence Video Communication Server (VCS) X8.5.1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv72412. Vulnerabilidad de CSRF en Cisco TelePresence Video Communication Server (VCS) X8.5.1 permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios, también conocida como Bug ID CSCuv72412. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151120-tvcs • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.9EPSS: 0%CPEs: 2EXPL: 0CVE-2015-6318
https://notcve.org/view.php?id=CVE-2015-6318
12 Oct 2015 — Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 and X8.5.2 allows local users to write to arbitrary files via an unspecified symlink attack, aka Bug ID CSCuv11969. Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 y X8.5.2 permite a usuarios locales escribir en archivos arbitrarios a través de un ataque de enlace simbolico no especificado, también conocido como Bug ID CSCuv11969. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151007-vcs • CWE-20: Improper Input Validation •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4319
https://notcve.org/view.php?id=CVE-2015-4319
20 Aug 2015 — The password-change feature in the administrative web interface in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 improperly performs authorization, which allows remote authenticated users to reset arbitrary active-user passwords via unspecified vectors, aka Bug ID CSCuv12338. Vulnerabilidad en la funcionalidad de cambio de contraseña en la interfaz web administrativa en Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1, realiza autorización inadecuadamente, lo que... • http://tools.cisco.com/security/center/viewAlert.x?alertId=40442 • CWE-255: Credentials Management Errors •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4314
https://notcve.org/view.php?id=CVE-2015-4314
20 Aug 2015 — The System Snapshot feature in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 allows remote authenticated users to obtain sensitive password-hash information by reading the snapshot file, aka Bug ID CSCuv40422. Vulnerabilidad en la característica System Snapshot en Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1, permite a usuarios remotos autenticados obtener información sensible de los hash de las contraseñas mediante la lectura del archivo snapshot, también co... • http://tools.cisco.com/security/center/viewAlert.x?alertId=40439 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •