CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-20255
https://notcve.org/view.php?id=CVE-2023-20255
01 Nov 2023 — A vulnerability in an API of the Web Bridge feature of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP packets to an affected device. A successful exploit could allow the attacker to cause a partial availability condition, which could cause ongoing video calls to be dropped due to the invalid packets rea... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cms-segfault-G6ES4Ve8 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-40122 – Cisco Meeting Server Call Bridge Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-40122
21 Oct 2021 — A vulnerability in an API of the Call Bridge feature of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper handling of large series of message requests. An attacker could exploit this vulnerability by sending a series of messages to the vulnerable API. A successful exploit could allow the attacker to cause the affected device to reload, dropping all ongoing calls and resulting in a DoS condition. Una vulner... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cms-LAHe8z5v • CWE-399: Resource Management Errors CWE-404: Improper Resource Shutdown or Release •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-3160 – Cisco Meeting Server Extensible Messaging and Presence Protocol Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3160
19 Feb 2020 — A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) feature of Cisco Meeting Server software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition for users of XMPP conferencing applications. Other applications and processes are unaffected. The vulnerability is due to improper input validation of XMPP packets. An attacker could exploit this vulnerability by sending crafted XMPP packets to an affected device. An exploit could allow the attacker to c... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cms-xmpp-dos-ptfGUsBx • CWE-20: Improper Input Validation •
CVSS: 7.4EPSS: 0%CPEs: 2EXPL: 0CVE-2018-0263
https://notcve.org/view.php?id=CVE-2018-0263
07 Jun 2018 — A vulnerability in Cisco Meeting Server (CMS) could allow an unauthenticated, adjacent attacker to access services running on internal device interfaces of an affected system. The vulnerability is due to incorrect default configuration of the device, which can expose internal interfaces and ports on the external interface of the system. A successful exploit could allow the attacker to gain unauthenticated access to configuration and database files and sensitive meeting information on an affected system. Thi... • http://www.securityfocus.com/bid/104419 • CWE-16: Configuration CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12362
https://notcve.org/view.php?id=CVE-2017-12362
30 Nov 2017 — A vulnerability in Cisco Meeting Server versions prior to 2.2.2 could allow an authenticated, remote attacker to cause the system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to video calls being made on systems with a particular configuration. An attacker could exploit this by knowing a valid URI that directs to a Cisco Meeting Server. An attacker could then make a video call and cause the system to reload. Cisco Bug IDs: CSCve65931. • http://www.securityfocus.com/bid/101987 • CWE-399: Resource Management Errors •
CVSS: 9.1EPSS: 1%CPEs: 18EXPL: 0CVE-2017-12249
https://notcve.org/view.php?id=CVE-2017-12249
13 Sep 2017 — A vulnerability in the Traversal Using Relay NAT (TURN) server included with Cisco Meeting Server (CMS) could allow an authenticated, remote attacker to gain unauthenticated or unauthorized access to components of or sensitive information in an affected system. The vulnerability is due to an incorrect default configuration of the TURN server, which could expose internal interfaces and ports on the external interface of an affected system. An attacker could exploit this vulnerability by using a TURN server t... • http://www.securityfocus.com/bid/100821 • CWE-16: Configuration CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2016-1451
https://notcve.org/view.php?id=CVE-2016-1451
15 Jul 2016 — Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Meeting Server (formerly Acano Conferencing Server) 1.7 through 1.9 allows remote attackers to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCva19922. Vulnerabilidad de XSS en la interfaz de administración basada en web en Cisco Meeting Server (anteriormente Acano Conferencing Server) 1.7 hasta la versión 1.9 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a t... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160714-ms • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •