Telepresence Server Software
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-0326 | Med | 0.40 | 6.1 | 0.02 | May 17, 2018 | A vulnerability in the web UI of Cisco TelePresence Server Software could allow an unauthenticated, remote attacker to conduct a cross-frame scripting (XFS) attack against a user of the web UI of the affected software. The vulnerability is due to insufficient protections for… | ||
| CVE-2017-3815 | Med | 0.35 | 5.3 | 0.01 | Mar 17, 2017 | An API Privilege vulnerability in Cisco TelePresence Server Software could allow an unauthenticated, remote attacker to emulate Cisco TelePresence Server endpoints. Affected Products: This vulnerability affects Cisco TelePresence Server MSE 8710 Processors that are running a… | ||
| CVE-2015-6304 | 0.00 | — | 0.01 | Sep 24, 2015 | Cross-site request forgery (CSRF) vulnerability in Cisco TelePresence Server software 3.0(2.24) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCut63718, CSCut63724, and CSCut63760. | |||
| CVE-2015-6284 | 0.00 | — | 0.02 | Sep 20, 2015 | Buffer overflow in the Conference Control Protocol API implementation in Cisco TelePresence Server software before 4.1(2.33) on 7010, MSE 8710, Multiparty Media 310 and 320, and Virtual Machine devices allows remote attackers to cause a denial of service (device crash) via a… | |||
| CVE-2015-0713 | 0.00 | — | 0.03 | May 25, 2015 | The web framework in Cisco TelePresence Advanced Media Gateway Series Software before 1.1(1.40), Cisco TelePresence IP Gateway Series Software, Cisco TelePresence IP VCR Series Software before 3.0(1.27), Cisco TelePresence ISDN Gateway Software before 2.2(1.94), Cisco… | |||
| CVE-2015-0660 | 0.00 | — | 0.00 | Mar 14, 2015 | Cisco Virtual TelePresence Server Software does not properly restrict use of the serial port, which allows local users to execute arbitrary OS commands as root by leveraging vSphere controller administrative privileges, aka Bug ID CSCus61123. | |||
| CVE-2014-3324 | 0.00 | — | 0.01 | Jul 26, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in the login page in the administrative web interface in Cisco TelePresence Server Software 4.0(2.8) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCup90060. | |||
| CVE-2013-1176 | 0.00 | — | 0.01 | Apr 18, 2013 | The DSP card on Cisco TelePresence MCU 4500 and 4501 devices before 4.3(2.30), TelePresence MCU MSE 8510 devices before 4.3(2.30), and TelePresence Server before 2.3(1.55) does not properly validate H.264 data, which allows remote attackers to cause a denial of service (device… |
- risk 0.40cvss 6.1epss 0.02
A vulnerability in the web UI of Cisco TelePresence Server Software could allow an unauthenticated, remote attacker to conduct a cross-frame scripting (XFS) attack against a user of the web UI of the affected software. The vulnerability is due to insufficient protections for…
- risk 0.35cvss 5.3epss 0.01
An API Privilege vulnerability in Cisco TelePresence Server Software could allow an unauthenticated, remote attacker to emulate Cisco TelePresence Server endpoints. Affected Products: This vulnerability affects Cisco TelePresence Server MSE 8710 Processors that are running a…
- CVE-2015-6304Sep 24, 2015risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in Cisco TelePresence Server software 3.0(2.24) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCut63718, CSCut63724, and CSCut63760.
- CVE-2015-6284Sep 20, 2015risk 0.00cvss —epss 0.02
Buffer overflow in the Conference Control Protocol API implementation in Cisco TelePresence Server software before 4.1(2.33) on 7010, MSE 8710, Multiparty Media 310 and 320, and Virtual Machine devices allows remote attackers to cause a denial of service (device crash) via a…
- CVE-2015-0713May 25, 2015risk 0.00cvss —epss 0.03
The web framework in Cisco TelePresence Advanced Media Gateway Series Software before 1.1(1.40), Cisco TelePresence IP Gateway Series Software, Cisco TelePresence IP VCR Series Software before 3.0(1.27), Cisco TelePresence ISDN Gateway Software before 2.2(1.94), Cisco…
- CVE-2015-0660Mar 14, 2015risk 0.00cvss —epss 0.00
Cisco Virtual TelePresence Server Software does not properly restrict use of the serial port, which allows local users to execute arbitrary OS commands as root by leveraging vSphere controller administrative privileges, aka Bug ID CSCus61123.
- CVE-2014-3324Jul 26, 2014risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in the login page in the administrative web interface in Cisco TelePresence Server Software 4.0(2.8) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCup90060.
- CVE-2013-1176Apr 18, 2013risk 0.00cvss —epss 0.01
The DSP card on Cisco TelePresence MCU 4500 and 4501 devices before 4.3(2.30), TelePresence MCU MSE 8510 devices before 4.3(2.30), and TelePresence Server before 2.3(1.55) does not properly validate H.264 data, which allows remote attackers to cause a denial of service (device…