CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2022-20793 – Cisco Touch 10 Device Insufficient Identity Verification Vulnerability
https://notcve.org/view.php?id=CVE-2022-20793
15 Nov 2024 — A vulnerability in pairing process of Cisco TelePresence CE Software and RoomOS Software for Cisco Touch 10 Devices could allow an unauthenticated, remote attacker to impersonate a legitimate device and pair with an affected device. This vulnerability is due to insufficient identity verification. An attacker could exploit this vulnerability by impersonating a legitimate device and responding to the pairing broadcast from an affected device. A successful exploit could allow the attacker to access t... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CTT-IVV-4A66Dsfj • CWE-325: Missing Cryptographic Step •
CVSS: 7.1EPSS: 0%CPEs: 60EXPL: 0CVE-2023-20008
https://notcve.org/view.php?id=CVE-2023-20008
19 Jan 2023 — A vulnerability in the CLI of Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to overwrite arbitrary files on the local system of an affected device. This vulnerability is due to improper access controls on files that are in the local file system. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the ... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-dkjGFgRK • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2019-1878 – Cisco TelePresence Endpoint Command Shell Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-1878
20 Jun 2019 — A vulnerability in the Cisco Discovery Protocol (CDP) implementation for the Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software could allow an unauthenticated, adjacent attacker to inject arbitrary shell commands that are executed by the device. The vulnerability is due to insufficient input validation of received CDP packets. An attacker could exploit this vulnerability by sending crafted CDP packets to an affected device. A successful exploit could allow the attacker to execute arbitra... • http://www.securityfocus.com/bid/108883 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 67EXPL: 0CVE-2017-6648
https://notcve.org/view.php?id=CVE-2017-6648
08 Jun 2017 — A vulnerability in the Session Initiation Protocol (SIP) of the Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause a TelePresence endpoint to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of flow-control mechanisms within the software. An attacker could exploit this vulnerability by sending a flood of SIP INVITE packets to the affected device. An exploit could allow the at... • http://www.securityfocus.com/bid/98934 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 26EXPL: 0CVE-2017-3825
https://notcve.org/view.php?id=CVE-2017-3825
16 May 2017 — A vulnerability in the ICMP ingress packet processing of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause the TelePresence endpoint to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation for the size of a received ICMP packet. An attacker could exploit this vulnerability by sending a crafted ICMP packet to the local IP address of the targeted endpoint. A successful explo... • http://www.securityfocus.com/bid/98293 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2016-6459
https://notcve.org/view.php?id=CVE-2016-6459
19 Nov 2016 — Cisco TelePresence endpoints running either CE or TC software contain a vulnerability that could allow an authenticated, local attacker to execute a local shell command injection. More Information: CSCvb25010. Known Affected Releases: 8.1.x. Known Fixed Releases: 6.3.4 7.3.7 8.2.2 8.3.0. Los puntos finales de Cisco TelePresence que ejecutan cualquiera de los software CE o TC contienen una vulnerabilidad que podría permitir a un atacante local autenticado ejecutar una inyección de comando shell local. • http://www.securityfocus.com/bid/94075 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 1%CPEs: 6EXPL: 0CVE-2016-1387
https://notcve.org/view.php?id=CVE-2016-1387
05 May 2016 — The XML API in TelePresence Codec (TC) 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, and 7.3.5 and Collaboration Endpoint (CE) 8.0.0, 8.0.1, and 8.1.0 in Cisco TelePresence Software mishandles authentication, which allows remote attackers to execute control commands or make configuration changes via an API request, aka Bug ID CSCuz26935. La API XML en TelePresence Codec (TC) 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4 y 7.3.5 y Collaboration Endpoint (CE) 8.0.0, 8.0.1 y 8.1.0 en Cisco TelePresence So... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-tpxml • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2015-4271
https://notcve.org/view.php?id=CVE-2015-4271
15 Jul 2015 — Cisco TelePresence TC before 7.3.4 on Integrator C devices allows remote attackers to bypass authentication via vectors involving multiple request parameters, aka Bug ID CSCuv00604. Cisco TelePresence TC anterior a 7.3.4 en dispositivos Integrator C permite a atacantes remotos eludir la autenticación a través de vectores que involucran múltiples parámetros de petición, también conocido como Bug ID CSCuv00604. • http://tools.cisco.com/security/center/viewAlert.x?alertId=39880 • CWE-284: Improper Access Control •
CVSS: 5.0EPSS: 0%CPEs: 14EXPL: 0CVE-2015-0770
https://notcve.org/view.php?id=CVE-2015-0770
07 Jun 2015 — CRLF injection vulnerability in Cisco TelePresence TC 6.x before 6.3.4 and 7.x before 7.3.3 on Integrator C SX20 devices allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL, aka Bug ID CSCut79341. Vulnerabilidad de inyección CRLF en Cisco TelePresence TC 6.x anterior a 6.3.4 y 7.x anterior a 7.3.3 en los dispositivos Integrator C SX20 permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y realizar ataques de la división de respues... • http://tools.cisco.com/security/center/viewAlert.x?alertId=39210 • CWE-20: Improper Input Validation CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') •
CVSS: 7.8EPSS: 1%CPEs: 60EXPL: 0CVE-2015-0722
https://notcve.org/view.php?id=CVE-2015-0722
25 May 2015 — The network drivers in Cisco TelePresence T, Cisco TelePresence TE, and Cisco TelePresence TC before 7.3.2 allow remote attackers to cause a denial of service (process restart or device reload) via a flood of crafted IP packets, aka Bug ID CSCuj68952. Los controladores de red en Cisco TelePresence T, Cisco TelePresence TE, y Cisco TelePresence TC anterior a 7.3.2 permiten a atacantes remotos causar una denegación de servicio (reinicio de proceso o recarga de dispositivo) a través de una inundación de paquet... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150513-tc • CWE-399: Resource Management Errors •