Telepresence System Software
CVEs (27)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2011-2577 | 0.04 | — | 0.13 | Aug 31, 2011 | Unspecified vulnerability in Cisco TelePresence C Series Endpoints, E/EX Personal Video units, and MXP Series Codecs, when using software versions before TC 4.0.0 or F9.1, allows remote attackers to cause a denial of service (crash) via a crafted SIP packet to port 5060 or 5061,… | |||
| CVE-2011-2544 | 0.03 | — | 0.05 | Sep 23, 2011 | Cross-site scripting (XSS) vulnerability in the web interface in Cisco TelePresence System MXP Series F9.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a crafted Call ID, as demonstrated by resultant cross-site request forgery (CSRF)… | |||
| CVE-2014-3362 | 0.00 | — | 0.03 | Sep 12, 2014 | Memory leak in Cisco TelePresence System Edge MXP Series Software F9.3.3 and earlier allows remote attackers to cause a denial of service (management outage) via multiple TELNET connections, aka Bug ID CSCuo63677. | |||
| CVE-2014-3274 | 0.00 | — | 0.01 | May 26, 2014 | Cisco TelePresence System (CTS) 6.0(.5)(5) and earlier falls back to HTTP when certain HTTPS sessions cannot be established, which allows man-in-the-middle attackers to obtain sensitive directory information by leveraging a network position between CTS and Cisco Unified… | |||
| CVE-2014-2161 | 0.00 | — | 0.02 | May 2, 2014 | The H.225 subsystem in Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted packets, aka Bug ID CSCty45731. | |||
| CVE-2014-2160 | 0.00 | — | 0.02 | May 2, 2014 | The H.225 subsystem in Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted packets, aka Bug ID CSCty45745. | |||
| CVE-2014-2159 | 0.00 | — | 0.02 | May 2, 2014 | The H.225 subsystem in Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted packets, aka Bug ID CSCtq78722. | |||
| CVE-2014-2158 | 0.00 | — | 0.01 | May 2, 2014 | Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCty45720. | |||
| CVE-2014-2157 | 0.00 | — | 0.01 | May 2, 2014 | Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCty45733. | |||
| CVE-2014-2156 | 0.00 | — | 0.01 | May 2, 2014 | Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCty45739. | |||
| CVE-2014-0661 | 0.00 | — | 0.02 | Jan 22, 2014 | The System Status Collection Daemon (SSCD) in Cisco TelePresence System 500-37, 1000, 1300-65, and 3xxx before 1.10.2(42), and 500-32, 1300-47, TX1310 65, and TX9xxx before 6.0.4(11), allows remote attackers to execute arbitrary commands or cause a denial of service (stack… | |||
| CVE-2013-3454 | 0.00 | — | 0.02 | Aug 8, 2013 | Cisco TelePresence System Software 1.10.1 and earlier on 500, 13X0, 1X00, 30X0, and 3X00 devices, and 6.0.3 and earlier on TX 9X00 devices, has a default password for the pwrecovery account, which makes it easier for remote attackers to modify the configuration or perform… | |||
| CVE-2013-1246 | 0.00 | — | 0.02 | May 31, 2013 | Cisco TelePresence System Software does not properly handle inactive t-shell sessions, which allows remote authenticated users to cause a denial of service (memory consumption and service outage) by establishing multiple SSH connections, aka Bug ID CSCug77610. | |||
| CVE-2012-3075 | 0.00 | — | 0.02 | Jul 12, 2012 | The administrative web interface on Cisco TelePresence Immersive Endpoint Devices before 1.7.4 allows remote authenticated users to execute arbitrary commands via a malformed request on TCP port 443, aka Bug ID CSCtn99724. | |||
| CVE-2012-3074 | 0.00 | — | 0.01 | Jul 12, 2012 | An unspecified API on Cisco TelePresence Immersive Endpoint Devices before 1.9.1 allows remote attackers to execute arbitrary commands by leveraging certain adjacency and sending a malformed request on TCP port 61460, aka Bug ID CSCtz38382. | |||
| CVE-2012-3073 | 0.00 | — | 0.02 | Jul 12, 2012 | The IP implementation on Cisco TelePresence Multipoint Switch before 1.8.1, Cisco TelePresence Manager before 1.9.0, and Cisco TelePresence Recording Server 1.8 and earlier allows remote attackers to cause a denial of service (networking outage or process crash) via (1)… | |||
| CVE-2012-2486 | 0.00 | — | 0.02 | Jul 12, 2012 | The Cisco Discovery Protocol (CDP) implementation on Cisco TelePresence Multipoint Switch before 1.9.0, Cisco TelePresence Immersive Endpoint Devices before 1.9.1, Cisco TelePresence Manager before 1.9.0, and Cisco TelePresence Recording Server before 1.8.1 allows remote… | |||
| CVE-2012-0331 | 0.00 | — | 0.01 | Mar 1, 2012 | Cisco TelePresence Video Communication Server with software before X7.0.1 allows remote attackers to cause a denial of service (device crash) via a crafted SIP packet, as demonstrated by a SIP INVITE message from a Tandberg device, aka Bug ID CSCtq73319. | |||
| CVE-2012-0330 | 0.00 | — | 0.01 | Mar 1, 2012 | Cisco TelePresence Video Communication Server with software before X7.0.1 allows remote attackers to cause a denial of service (device crash) via a malformed SIP message, aka Bug ID CSCtr20426. | |||
| CVE-2011-0379 | 0.00 | — | 0.02 | Feb 25, 2011 | Buffer overflow on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 1.6.x; Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x; Cisco TelePresence endpoint devices with software 1.2.x through 1.6.x; and Cisco… |
- CVE-2011-2577Aug 31, 2011risk 0.04cvss —epss 0.13
Unspecified vulnerability in Cisco TelePresence C Series Endpoints, E/EX Personal Video units, and MXP Series Codecs, when using software versions before TC 4.0.0 or F9.1, allows remote attackers to cause a denial of service (crash) via a crafted SIP packet to port 5060 or 5061,…
- CVE-2011-2544Sep 23, 2011risk 0.03cvss —epss 0.05
Cross-site scripting (XSS) vulnerability in the web interface in Cisco TelePresence System MXP Series F9.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a crafted Call ID, as demonstrated by resultant cross-site request forgery (CSRF)…
- CVE-2014-3362Sep 12, 2014risk 0.00cvss —epss 0.03
Memory leak in Cisco TelePresence System Edge MXP Series Software F9.3.3 and earlier allows remote attackers to cause a denial of service (management outage) via multiple TELNET connections, aka Bug ID CSCuo63677.
- CVE-2014-3274May 26, 2014risk 0.00cvss —epss 0.01
Cisco TelePresence System (CTS) 6.0(.5)(5) and earlier falls back to HTTP when certain HTTPS sessions cannot be established, which allows man-in-the-middle attackers to obtain sensitive directory information by leveraging a network position between CTS and Cisco Unified…
- CVE-2014-2161May 2, 2014risk 0.00cvss —epss 0.02
The H.225 subsystem in Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted packets, aka Bug ID CSCty45731.
- CVE-2014-2160May 2, 2014risk 0.00cvss —epss 0.02
The H.225 subsystem in Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted packets, aka Bug ID CSCty45745.
- CVE-2014-2159May 2, 2014risk 0.00cvss —epss 0.02
The H.225 subsystem in Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted packets, aka Bug ID CSCtq78722.
- CVE-2014-2158May 2, 2014risk 0.00cvss —epss 0.01
Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCty45720.
- CVE-2014-2157May 2, 2014risk 0.00cvss —epss 0.01
Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCty45733.
- CVE-2014-2156May 2, 2014risk 0.00cvss —epss 0.01
Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCty45739.
- CVE-2014-0661Jan 22, 2014risk 0.00cvss —epss 0.02
The System Status Collection Daemon (SSCD) in Cisco TelePresence System 500-37, 1000, 1300-65, and 3xxx before 1.10.2(42), and 500-32, 1300-47, TX1310 65, and TX9xxx before 6.0.4(11), allows remote attackers to execute arbitrary commands or cause a denial of service (stack…
- CVE-2013-3454Aug 8, 2013risk 0.00cvss —epss 0.02
Cisco TelePresence System Software 1.10.1 and earlier on 500, 13X0, 1X00, 30X0, and 3X00 devices, and 6.0.3 and earlier on TX 9X00 devices, has a default password for the pwrecovery account, which makes it easier for remote attackers to modify the configuration or perform…
- CVE-2013-1246May 31, 2013risk 0.00cvss —epss 0.02
Cisco TelePresence System Software does not properly handle inactive t-shell sessions, which allows remote authenticated users to cause a denial of service (memory consumption and service outage) by establishing multiple SSH connections, aka Bug ID CSCug77610.
- CVE-2012-3075Jul 12, 2012risk 0.00cvss —epss 0.02
The administrative web interface on Cisco TelePresence Immersive Endpoint Devices before 1.7.4 allows remote authenticated users to execute arbitrary commands via a malformed request on TCP port 443, aka Bug ID CSCtn99724.
- CVE-2012-3074Jul 12, 2012risk 0.00cvss —epss 0.01
An unspecified API on Cisco TelePresence Immersive Endpoint Devices before 1.9.1 allows remote attackers to execute arbitrary commands by leveraging certain adjacency and sending a malformed request on TCP port 61460, aka Bug ID CSCtz38382.
- CVE-2012-3073Jul 12, 2012risk 0.00cvss —epss 0.02
The IP implementation on Cisco TelePresence Multipoint Switch before 1.8.1, Cisco TelePresence Manager before 1.9.0, and Cisco TelePresence Recording Server 1.8 and earlier allows remote attackers to cause a denial of service (networking outage or process crash) via (1)…
- CVE-2012-2486Jul 12, 2012risk 0.00cvss —epss 0.02
The Cisco Discovery Protocol (CDP) implementation on Cisco TelePresence Multipoint Switch before 1.9.0, Cisco TelePresence Immersive Endpoint Devices before 1.9.1, Cisco TelePresence Manager before 1.9.0, and Cisco TelePresence Recording Server before 1.8.1 allows remote…
- CVE-2012-0331Mar 1, 2012risk 0.00cvss —epss 0.01
Cisco TelePresence Video Communication Server with software before X7.0.1 allows remote attackers to cause a denial of service (device crash) via a crafted SIP packet, as demonstrated by a SIP INVITE message from a Tandberg device, aka Bug ID CSCtq73319.
- CVE-2012-0330Mar 1, 2012risk 0.00cvss —epss 0.01
Cisco TelePresence Video Communication Server with software before X7.0.1 allows remote attackers to cause a denial of service (device crash) via a malformed SIP message, aka Bug ID CSCtr20426.
- CVE-2011-0379Feb 25, 2011risk 0.00cvss —epss 0.02
Buffer overflow on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 1.6.x; Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x; Cisco TelePresence endpoint devices with software 1.2.x through 1.6.x; and Cisco…
Page 1 of 2