CVE-2012-2486
https://notcve.org/view.php?id=CVE-2012-2486
The Cisco Discovery Protocol (CDP) implementation on Cisco TelePresence Multipoint Switch before 1.9.0, Cisco TelePresence Immersive Endpoint Devices before 1.9.1, Cisco TelePresence Manager before 1.9.0, and Cisco TelePresence Recording Server before 1.8.1 allows remote attackers to execute arbitrary code by leveraging certain adjacency and sending a malformed CDP packet, aka Bug IDs CSCtz40953, CSCtz40947, CSCtz40965, and CSCtz40953.
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctms
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctrs
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-cts
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctsman
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2012-3075
https://notcve.org/view.php?id=CVE-2012-3075
The administrative web interface on Cisco TelePresence Immersive Endpoint Devices before 1.7.4 allows remote authenticated users to execute arbitrary commands via a malformed request on TCP port 443, aka Bug ID CSCtn99724.
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-cts
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2012-0331
https://notcve.org/view.php?id=CVE-2012-0331
Cisco TelePresence Video Communication Server with software before X7.0.1 allows remote attackers to cause a denial of service (device crash) via a crafted SIP packet, as demonstrated by a SIP INVITE message from a Tandberg device, aka Bug ID CSCtq73319.
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-vcs
• CWE-399: Resource Management Errors

CVE-2012-0330
https://notcve.org/view.php?id=CVE-2012-0330
Cisco TelePresence Video Communication Server with software before X7.0.1 allows remote attackers to cause a denial of service (device crash) via a malformed SIP message, aka Bug ID CSCtr20426.
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-vcs
• CWE-399: Resource Management Errors

CVE-2011-2544 – Cisco TelePresence SOS-11-010 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2011-2544
Cross-site scripting (XSS) vulnerability in the web interface in Cisco TelePresence System MXP Series F9.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a crafted Call ID, as demonstrated by resultant cross-site request forgery (CSRF) attacks that change passwords or cause a denial of service, aka Bug ID CSCtq46488.
Cisco TelePresence Series suffers from client-side code execution, denial of service, cookie theft, loss of confidentiality, and impersonation vulnerabilities.
• https://www.exploit-db.com/exploits/17871
• http://secunia.com/advisories/46057
• http://secunia.com/advisories/46109
• http://securityreason.com/securityalert/8393
• http://securitytracker.com/id?1026072
• http://www.exploit-db.com/exploits/17871
• http://www.securityfocus.com/archive/1/519698/100/0/threaded
• http://www.securityfocus.com/bid/49670
• https://exchange.xforce.ibmcloud.com/vulnerabilities/69906
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')