VYPR

Meeting Server

by Cisco Systems, Inc.

CVEs (32)

  • CVE-2016-6448CriNov 3, 2016
    risk 0.64cvss 9.8epss 0.04

    A vulnerability in the Session Description Protocol (SDP) parser of Cisco Meeting Server could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. This vulnerability affects the following products: Cisco Meeting Server releases prior to…

  • CVE-2016-6447CriNov 3, 2016
    risk 0.64cvss 9.8epss 0.03

    A vulnerability in Cisco Meeting Server and Meeting App could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. This vulnerability affects the following products: Cisco Meeting Server releases prior to 2.0.1, Acano Server releases prior…

  • CVE-2017-12249CriSep 13, 2017
    risk 0.59cvss 9.1epss 0.03

    A vulnerability in the Traversal Using Relay NAT (TURN) server included with Cisco Meeting Server (CMS) could allow an authenticated, remote attacker to gain unauthenticated or unauthorized access to components of or sensitive information in an affected system. The vulnerability…

  • CVE-2016-6445CriOct 27, 2016
    risk 0.59cvss 9.1epss 0.03

    A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of the Cisco Meeting Server (CMS) before 2.0.6 and Acano Server before 1.8.18 and 1.9.x before 1.9.6 could allow an unauthenticated, remote attacker to masquerade as a legitimate user. This…

  • CVE-2018-0439HigOct 5, 2018
    risk 0.57cvss 8.8epss 0.01

    A vulnerability in the web-based management interface of Cisco Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF…

  • CVE-2016-6444HigOct 27, 2016
    risk 0.57cvss 8.8epss 0.01

    A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a Web Bridge user. More Information: CSCvb03308. Known Affected Releases: 1.8, 1.9, 2.0.

  • CVE-2018-0262HigMay 2, 2018
    risk 0.53cvss 8.1epss 0.04

    A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain unauthorized access to components of, or sensitive information in, an affected system, leading to Remote Code Execution. The vulnerability is due to incorrect default configuration of…

  • CVE-2017-3837HigFeb 22, 2017
    risk 0.53cvss 8.1epss 0.02

    An HTTP Packet Processing vulnerability in the Web Bridge interface of the Cisco Meeting Server (CMS), formerly Acano Conferencing Server, could allow an authenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information.…

  • CVE-2018-0280HigMay 17, 2018
    risk 0.49cvss 7.5epss 0.03

    A vulnerability in the Real-Time Transport Protocol (RTP) bitstream processing of the Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient input validation of incoming RTP…

  • CVE-2017-6763HigAug 7, 2017
    risk 0.49cvss 7.5epss 0.02

    A vulnerability in the implementation of the H.264 protocol in Cisco Meeting Server (CMS) 2.1.4 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability exists because the affected application does not…

  • CVE-2017-3830HigFeb 22, 2017
    risk 0.49cvss 7.5epss 0.03

    A vulnerability in an internal API of the Cisco Meeting Server (CMS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected appliance. More Information: CSCvc89678. Known Affected Releases: 2.1. Known Fixed Releases: 2.1.2.

  • CVE-2016-6446HigOct 27, 2016
    risk 0.49cvss 7.5epss 0.01

    A vulnerability in Web Bridge for Cisco Meeting Server could allow an unauthenticated, remote attacker to retrieve memory from a connected server. More Information: CSCvb03308. Known Affected Releases: 1.8, 1.9, 2.0.

  • CVE-2018-0263HigJun 7, 2018
    risk 0.48cvss 7.4epss 0.01

    A vulnerability in Cisco Meeting Server (CMS) could allow an unauthenticated, adjacent attacker to access services running on internal device interfaces of an affected system. The vulnerability is due to incorrect default configuration of the device, which can expose internal…

  • CVE-2017-6794MedSep 7, 2017
    risk 0.44cvss 6.7epss 0.01

    A vulnerability in the CLI command-parsing code of Cisco Meeting Server could allow an authenticated, local attacker to perform command injection and escalate their privileges to root. The attacker must first authenticate to the application with valid administrator credentials.…

  • CVE-2018-0371MedJun 21, 2018
    risk 0.43cvss 6.5epss 0.03

    A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of incoming HTTP requests. An attacker could exploit this…

  • CVE-2017-12362MedNov 30, 2017
    risk 0.42cvss 6.5epss 0.02

    A vulnerability in Cisco Meeting Server versions prior to 2.2.2 could allow an authenticated, remote attacker to cause the system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to video calls being made on systems with a particular…

  • CVE-2017-12224MedSep 7, 2017
    risk 0.42cvss 6.5epss 0.02

    A vulnerability in the ability for guest users to join meetings via a hyperlink with Cisco Meeting Server could allow an authenticated, remote attacker to enter a meeting with a hyperlink URL, even though access should be denied. The vulnerability is due to the incorrect…

  • CVE-2016-1451MedJul 15, 2016
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Meeting Server (formerly Acano Conferencing Server) 1.7 through 1.9 allows remote attackers to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCva19922.

  • CVE-2017-12311MedNov 16, 2017
    risk 0.38cvss 5.8epss 0.02

    A vulnerability in the H.264 decoder function of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a Cisco Meeting Server media process to restart unexpectedly when it receives an illegal H.264 frame. The vulnerability is triggered by an H.264 frame…

  • CVE-2018-0359MedJun 21, 2018
    risk 0.36cvss 5.5epss 0.00

    A vulnerability in the session identification management functionality of the web-based management interface for Cisco Meeting Server could allow an unauthenticated, local attacker to hijack a valid user session identifier, aka Session Fixation. The vulnerability exists because…

Page 1 of 2