CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2019-1679 – Cisco TelePresence Conductor, Cisco Expressway Series, and Cisco TelePresence Video Communication Server REST API Server-Side Request Forgery Vulnerability
https://notcve.org/view.php?id=CVE-2019-1679
07 Feb 2019 — A vulnerability in the web interface of Cisco TelePresence Conductor, Cisco Expressway Series, and Cisco TelePresence Video Communication Server (VCS) Software could allow an authenticated, remote attacker to trigger an HTTP request from an affected server to an arbitrary host. This type of attack is commonly referred to as server-side request forgery (SSRF). The vulnerability is due to insufficient access controls for the REST API of Cisco Expressway Series and Cisco TelePresence VCS. An attacker could exp... • http://www.securityfocus.com/bid/106940 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 8.6EPSS: 0%CPEs: 32EXPL: 0CVE-2017-3790
https://notcve.org/view.php?id=CVE-2017-3790
01 Feb 2017 — A vulnerability in the received packet parser of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) software could allow an unauthenticated, remote attacker to cause a reload of the affected system, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient size validation of user-supplied data. An attacker could exploit this vulnerability by sending crafted H.224 data in Real-Time Transport Protocol (RTP) packets in an H.323 call. An exploit coul... • http://www.securityfocus.com/bid/95786 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1468
https://notcve.org/view.php?id=CVE-2016-1468
08 Aug 2016 — The administrative web interface in Cisco TelePresence Video Communication Server Expressway X8.5.2 allows remote authenticated users to execute arbitrary commands via crafted fields, aka Bug ID CSCuv12531. La interfaz web administrativa en Cisco TelePresence Video Communication Server Expressway X8.5.2 permite a usuarios remotos autenticados ejecutar comandos arbitrarios a través de campos arbitrarios, también conocido como Bug ID CSCuv12531. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-vcse • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: 18EXPL: 0CVE-2016-1444
https://notcve.org/view.php?id=CVE-2016-1444
07 Jul 2016 — The Mobile and Remote Access (MRA) component in Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7 and Expressway X8.1 through X8.6 mishandles certificates, which allows remote attackers to bypass authentication via an arbitrary trusted certificate, aka Bug ID CSCuz64601. El componente Mobile and Remote Access (MRA) en Cisco TelePresence Video Communication Server (VCS) X8.1 hasta la versión X8.7 y Expressway X8.1 hasta la versión X8.6 no maneja correctamente los certificados, lo que perm... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160706-vcs • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 14EXPL: 0CVE-2016-1400
https://notcve.org/view.php?id=CVE-2016-1400
25 May 2016 — Cisco TelePresence Video Communications Server (VCS) X8.x before X8.7.2 allows remote attackers to cause a denial of service (service disruption) via a crafted URI in a SIP header, aka Bug ID CSCuy43258. Cisco TelePresence Video Communications Server (VCS) X8.x en versiones anteriores a X8.7.2 permite a atacantes remotos provocar una denegación de servicio (interrupción de servicio) a través de una URL manipulada en una cabecera SIP, también conocida como Bug ID CSCuy43258. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160516-vcs • CWE-20: Improper Input Validation •
CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 0CVE-2016-1338
https://notcve.org/view.php?id=CVE-2016-1338
12 Mar 2016 — Cisco TelePresence Video Communication Server (VCS) X8.5.1 and X8.5.2 allows remote authenticated users to cause a denial of service (VoIP outage) via a crafted SIP message, aka Bug ID CSCuu43026. Cisco TelePresence Video Communication Server (VCS) X8.5.1 y X8.5.2 permite a usuarios remotos autenticados provocar una denegación de servicio (corte de VoIP) a través de un mensaje SIP manipulado, también conocida como Bug ID CSCuu43026. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160309-vcs • CWE-20: Improper Input Validation CWE-399: Resource Management Errors •
CVSS: 5.3EPSS: 0%CPEs: 13EXPL: 0CVE-2016-1316
https://notcve.org/view.php?id=CVE-2016-1316
09 Feb 2016 — Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7, as used in conjunction with Jabber Guest, allows remote attackers to obtain sensitive call-statistics information via a direct request to an unspecified URL, aka Bug ID CSCux73362. Cisco TelePresence Video Communication Server (VCS) X8.1 hasta la versión X8.7, tal como se utiliza en conjunción con Jabber Guest, permite a atacantes remotos obtener información de estadísticas de llamada sensible a través de una petición directa a una URL n... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160208-vcs • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.9EPSS: 0%CPEs: 2EXPL: 0CVE-2015-6318
https://notcve.org/view.php?id=CVE-2015-6318
12 Oct 2015 — Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 and X8.5.2 allows local users to write to arbitrary files via an unspecified symlink attack, aka Bug ID CSCuv11969. Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 y X8.5.2 permite a usuarios locales escribir en archivos arbitrarios a través de un ataque de enlace simbolico no especificado, también conocido como Bug ID CSCuv11969. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151007-vcs • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4325
https://notcve.org/view.php?id=CVE-2015-4325
12 Oct 2015 — The process-management implementation in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to gain privileges by terminating a firestarter.py supervised process and then triggering the restart of a process by the root account, aka Bug ID CSCuv12272. La implementación de process-management en Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 permite a usuarios locales obtener privilegios mediante la terminación de un proceso firestarter.py supervisad... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151006-vcs • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4330
https://notcve.org/view.php?id=CVE-2015-4330
02 Sep 2015 — A local file script in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to gain privileges for OS command execution via invalid parameters, aka Bug ID CSCuv10556. Vulnerabilidad en un archivo de script local en Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2, permite a usuarios locales obtener privilegios para la ejecución de comandos del sistema operativo a través de parámetros no válidos, también conocida como Bug ID CSCuv10556. • http://tools.cisco.com/security/center/viewAlert.x?alertId=40541 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •