Telepresence Video Communication Server
CVEs (73)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-1722 | 0.00 | — | 0.01 | Apr 18, 2019 | A vulnerability in the FindMe feature of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The… | |||
| CVE-2019-1679 | 0.00 | — | 0.02 | Feb 7, 2019 | A vulnerability in the web interface of Cisco TelePresence Conductor, Cisco Expressway Series, and Cisco TelePresence Video Communication Server (VCS) Software could allow an authenticated, remote attacker to trigger an HTTP request from an affected server to an arbitrary host.… | |||
| CVE-2015-6414 | 0.00 | — | 0.00 | Dec 13, 2015 | Cisco TelePresence Video Communication Server (VCS) X8.6 uses the same encryption key across different customers' installations, which makes it easier for local users to defeat cryptographic protection mechanisms by leveraging knowledge of a key from another installation, aka… | |||
| CVE-2015-6413 | 0.00 | — | 0.02 | Dec 13, 2015 | Cisco TelePresence Video Communication Server (VCS) Expressway X8.6 allows remote authenticated users to bypass intended read-only restrictions and upload Tandberg Linux Package (TLP) files by visiting an administrative page, aka Bug ID CSCuw55651. | |||
| CVE-2015-6376 | 0.00 | — | 0.01 | Nov 21, 2015 | Cross-site request forgery (CSRF) vulnerability in Cisco TelePresence Video Communication Server (VCS) X8.5.1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv72412. | |||
| CVE-2015-4325 | 0.00 | — | 0.00 | Oct 12, 2015 | The process-management implementation in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to gain privileges by terminating a firestarter.py supervised process and then triggering the restart of a process by the root account, aka Bug ID… | |||
| CVE-2015-4330 | 0.00 | — | 0.01 | Sep 2, 2015 | A local file script in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to gain privileges for OS command execution via invalid parameters, aka Bug ID CSCuv10556. | |||
| CVE-2015-6261 | 0.00 | — | 0.02 | Aug 26, 2015 | Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote authenticated users to bypass intended access restrictions and read configuration files by leveraging the Mobile and Remote Access (MRA) role and establishing a TFTP session, aka Bug ID… | |||
| CVE-2015-4318 | 0.00 | — | 0.02 | Aug 20, 2015 | Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote attackers to cause a denial of service via invalid variables in a GET request, aka Bug ID CSCuv40528. | |||
| CVE-2015-4329 | 0.00 | — | 0.02 | Aug 20, 2015 | The administrator web interface in Cisco TelePresence Video Communication Server (VCS) X8.5.2 allows remote authenticated users to execute arbitrary OS commands via crafted HTTP requests, aka Bug ID CSCuv11796. | |||
| CVE-2015-4319 | 0.00 | — | 0.02 | Aug 20, 2015 | The password-change feature in the administrative web interface in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 improperly performs authorization, which allows remote authenticated users to reset arbitrary active-user passwords via unspecified vectors,… | |||
| CVE-2015-4316 | 0.00 | — | 0.02 | Aug 20, 2015 | The Mobile and Remote Access (MRA) endpoint-validation feature in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 improperly validates the phone line used for registration, which allows remote authenticated users to conduct impersonation attacks via a… | |||
| CVE-2015-4303 | 0.00 | — | 0.02 | Aug 20, 2015 | Cisco TelePresence Video Communication Server (VCS) X8.5.2 allows remote authenticated users to execute arbitrary commands in the context of the nobody user account via an unspecified web-page parameter, aka Bug ID CSCuv12333. | |||
| CVE-2015-4328 | 0.00 | — | 0.02 | Aug 20, 2015 | Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 improperly checks for a user account's read-only attribute, which allows remote authenticated users to execute arbitrary OS commands via crafted HTTP requests, as demonstrated by read or write operations on… | |||
| CVE-2015-4327 | 0.00 | — | 0.00 | Aug 20, 2015 | The CLI in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to obtain root privileges by writing script arguments to an unspecified file, aka Bug ID CSCuv12542. | |||
| CVE-2015-4320 | 0.00 | — | 0.02 | Aug 20, 2015 | The Configuration Log File component in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote authenticated users to obtain sensitive information by reading a log file, aka Bug ID CSCuv12340. | |||
| CVE-2015-4317 | 0.00 | — | 0.03 | Aug 20, 2015 | Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote attackers to cause a denial of service via invalid variables in an authentication packet, aka Bug ID CSCuv40469. | |||
| CVE-2015-4315 | 0.00 | — | 0.02 | Aug 20, 2015 | The Call Policy Configuration page in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.3 improperly validates external DTDs, which allows remote authenticated users to read arbitrary files or cause a denial of service via a crafted XML document, aka Bug ID… | |||
| CVE-2015-4314 | 0.00 | — | 0.01 | Aug 20, 2015 | The System Snapshot feature in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 allows remote authenticated users to obtain sensitive password-hash information by reading the snapshot file, aka Bug ID CSCuv40422. | |||
| CVE-2015-0772 | 0.00 | — | 0.02 | Jun 12, 2015 | Cisco TelePresence Video Communication Server (VCS) X8.5RC4 allows remote attackers to cause a denial of service (CPU consumption or device outage) via a crafted SDP parameter-negotiation request in an SDP session during a SIP connection, aka Bug ID CSCut42422. |
- CVE-2019-1722Apr 18, 2019risk 0.00cvss —epss 0.01
A vulnerability in the FindMe feature of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The…
- CVE-2019-1679Feb 7, 2019risk 0.00cvss —epss 0.02
A vulnerability in the web interface of Cisco TelePresence Conductor, Cisco Expressway Series, and Cisco TelePresence Video Communication Server (VCS) Software could allow an authenticated, remote attacker to trigger an HTTP request from an affected server to an arbitrary host.…
- CVE-2015-6414Dec 13, 2015risk 0.00cvss —epss 0.00
Cisco TelePresence Video Communication Server (VCS) X8.6 uses the same encryption key across different customers' installations, which makes it easier for local users to defeat cryptographic protection mechanisms by leveraging knowledge of a key from another installation, aka…
- CVE-2015-6413Dec 13, 2015risk 0.00cvss —epss 0.02
Cisco TelePresence Video Communication Server (VCS) Expressway X8.6 allows remote authenticated users to bypass intended read-only restrictions and upload Tandberg Linux Package (TLP) files by visiting an administrative page, aka Bug ID CSCuw55651.
- CVE-2015-6376Nov 21, 2015risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in Cisco TelePresence Video Communication Server (VCS) X8.5.1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv72412.
- CVE-2015-4325Oct 12, 2015risk 0.00cvss —epss 0.00
The process-management implementation in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to gain privileges by terminating a firestarter.py supervised process and then triggering the restart of a process by the root account, aka Bug ID…
- CVE-2015-4330Sep 2, 2015risk 0.00cvss —epss 0.01
A local file script in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to gain privileges for OS command execution via invalid parameters, aka Bug ID CSCuv10556.
- CVE-2015-6261Aug 26, 2015risk 0.00cvss —epss 0.02
Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote authenticated users to bypass intended access restrictions and read configuration files by leveraging the Mobile and Remote Access (MRA) role and establishing a TFTP session, aka Bug ID…
- CVE-2015-4318Aug 20, 2015risk 0.00cvss —epss 0.02
Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote attackers to cause a denial of service via invalid variables in a GET request, aka Bug ID CSCuv40528.
- CVE-2015-4329Aug 20, 2015risk 0.00cvss —epss 0.02
The administrator web interface in Cisco TelePresence Video Communication Server (VCS) X8.5.2 allows remote authenticated users to execute arbitrary OS commands via crafted HTTP requests, aka Bug ID CSCuv11796.
- CVE-2015-4319Aug 20, 2015risk 0.00cvss —epss 0.02
The password-change feature in the administrative web interface in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 improperly performs authorization, which allows remote authenticated users to reset arbitrary active-user passwords via unspecified vectors,…
- CVE-2015-4316Aug 20, 2015risk 0.00cvss —epss 0.02
The Mobile and Remote Access (MRA) endpoint-validation feature in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 improperly validates the phone line used for registration, which allows remote authenticated users to conduct impersonation attacks via a…
- CVE-2015-4303Aug 20, 2015risk 0.00cvss —epss 0.02
Cisco TelePresence Video Communication Server (VCS) X8.5.2 allows remote authenticated users to execute arbitrary commands in the context of the nobody user account via an unspecified web-page parameter, aka Bug ID CSCuv12333.
- CVE-2015-4328Aug 20, 2015risk 0.00cvss —epss 0.02
Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 improperly checks for a user account's read-only attribute, which allows remote authenticated users to execute arbitrary OS commands via crafted HTTP requests, as demonstrated by read or write operations on…
- CVE-2015-4327Aug 20, 2015risk 0.00cvss —epss 0.00
The CLI in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to obtain root privileges by writing script arguments to an unspecified file, aka Bug ID CSCuv12542.
- CVE-2015-4320Aug 20, 2015risk 0.00cvss —epss 0.02
The Configuration Log File component in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote authenticated users to obtain sensitive information by reading a log file, aka Bug ID CSCuv12340.
- CVE-2015-4317Aug 20, 2015risk 0.00cvss —epss 0.03
Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote attackers to cause a denial of service via invalid variables in an authentication packet, aka Bug ID CSCuv40469.
- CVE-2015-4315Aug 20, 2015risk 0.00cvss —epss 0.02
The Call Policy Configuration page in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.3 improperly validates external DTDs, which allows remote authenticated users to read arbitrary files or cause a denial of service via a crafted XML document, aka Bug ID…
- CVE-2015-4314Aug 20, 2015risk 0.00cvss —epss 0.01
The System Snapshot feature in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 allows remote authenticated users to obtain sensitive password-hash information by reading the snapshot file, aka Bug ID CSCuv40422.
- CVE-2015-0772Jun 12, 2015risk 0.00cvss —epss 0.02
Cisco TelePresence Video Communication Server (VCS) X8.5RC4 allows remote attackers to cause a denial of service (CPU consumption or device outage) via a crafted SDP parameter-negotiation request in an SDP session during a SIP connection, aka Bug ID CSCut42422.
Page 3 of 4