Meeting Server
CVEs (32)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-6448 | Cri | 0.64 | 9.8 | 0.04 | Nov 3, 2016 | A vulnerability in the Session Description Protocol (SDP) parser of Cisco Meeting Server could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. This vulnerability affects the following products: Cisco Meeting Server releases prior to… | ||
| CVE-2016-6447 | Cri | 0.64 | 9.8 | 0.03 | Nov 3, 2016 | A vulnerability in Cisco Meeting Server and Meeting App could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. This vulnerability affects the following products: Cisco Meeting Server releases prior to 2.0.1, Acano Server releases prior… | ||
| CVE-2017-12249 | Cri | 0.59 | 9.1 | 0.03 | Sep 13, 2017 | A vulnerability in the Traversal Using Relay NAT (TURN) server included with Cisco Meeting Server (CMS) could allow an authenticated, remote attacker to gain unauthenticated or unauthorized access to components of or sensitive information in an affected system. The vulnerability… | ||
| CVE-2016-6445 | Cri | 0.59 | 9.1 | 0.03 | Oct 27, 2016 | A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of the Cisco Meeting Server (CMS) before 2.0.6 and Acano Server before 1.8.18 and 1.9.x before 1.9.6 could allow an unauthenticated, remote attacker to masquerade as a legitimate user. This… | ||
| CVE-2018-0439 | Hig | 0.57 | 8.8 | 0.01 | Oct 5, 2018 | A vulnerability in the web-based management interface of Cisco Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF… | ||
| CVE-2016-6444 | Hig | 0.57 | 8.8 | 0.01 | Oct 27, 2016 | A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a Web Bridge user. More Information: CSCvb03308. Known Affected Releases: 1.8, 1.9, 2.0. | ||
| CVE-2018-0262 | Hig | 0.53 | 8.1 | 0.04 | May 2, 2018 | A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain unauthorized access to components of, or sensitive information in, an affected system, leading to Remote Code Execution. The vulnerability is due to incorrect default configuration of… | ||
| CVE-2017-3837 | Hig | 0.53 | 8.1 | 0.02 | Feb 22, 2017 | An HTTP Packet Processing vulnerability in the Web Bridge interface of the Cisco Meeting Server (CMS), formerly Acano Conferencing Server, could allow an authenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information.… | ||
| CVE-2018-0280 | Hig | 0.49 | 7.5 | 0.03 | May 17, 2018 | A vulnerability in the Real-Time Transport Protocol (RTP) bitstream processing of the Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient input validation of incoming RTP… | ||
| CVE-2017-6763 | Hig | 0.49 | 7.5 | 0.02 | Aug 7, 2017 | A vulnerability in the implementation of the H.264 protocol in Cisco Meeting Server (CMS) 2.1.4 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability exists because the affected application does not… | ||
| CVE-2017-3830 | Hig | 0.49 | 7.5 | 0.03 | Feb 22, 2017 | A vulnerability in an internal API of the Cisco Meeting Server (CMS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected appliance. More Information: CSCvc89678. Known Affected Releases: 2.1. Known Fixed Releases: 2.1.2. | ||
| CVE-2016-6446 | Hig | 0.49 | 7.5 | 0.01 | Oct 27, 2016 | A vulnerability in Web Bridge for Cisco Meeting Server could allow an unauthenticated, remote attacker to retrieve memory from a connected server. More Information: CSCvb03308. Known Affected Releases: 1.8, 1.9, 2.0. | ||
| CVE-2018-0263 | Hig | 0.48 | 7.4 | 0.01 | Jun 7, 2018 | A vulnerability in Cisco Meeting Server (CMS) could allow an unauthenticated, adjacent attacker to access services running on internal device interfaces of an affected system. The vulnerability is due to incorrect default configuration of the device, which can expose internal… | ||
| CVE-2017-6794 | Med | 0.44 | 6.7 | 0.01 | Sep 7, 2017 | A vulnerability in the CLI command-parsing code of Cisco Meeting Server could allow an authenticated, local attacker to perform command injection and escalate their privileges to root. The attacker must first authenticate to the application with valid administrator credentials.… | ||
| CVE-2018-0371 | Med | 0.43 | 6.5 | 0.03 | Jun 21, 2018 | A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of incoming HTTP requests. An attacker could exploit this… | ||
| CVE-2017-12362 | Med | 0.42 | 6.5 | 0.02 | Nov 30, 2017 | A vulnerability in Cisco Meeting Server versions prior to 2.2.2 could allow an authenticated, remote attacker to cause the system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to video calls being made on systems with a particular… | ||
| CVE-2017-12224 | Med | 0.42 | 6.5 | 0.02 | Sep 7, 2017 | A vulnerability in the ability for guest users to join meetings via a hyperlink with Cisco Meeting Server could allow an authenticated, remote attacker to enter a meeting with a hyperlink URL, even though access should be denied. The vulnerability is due to the incorrect… | ||
| CVE-2016-1451 | Med | 0.40 | 6.1 | 0.01 | Jul 15, 2016 | Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Meeting Server (formerly Acano Conferencing Server) 1.7 through 1.9 allows remote attackers to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCva19922. | ||
| CVE-2017-12311 | Med | 0.38 | 5.8 | 0.02 | Nov 16, 2017 | A vulnerability in the H.264 decoder function of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a Cisco Meeting Server media process to restart unexpectedly when it receives an illegal H.264 frame. The vulnerability is triggered by an H.264 frame… | ||
| CVE-2018-0359 | Med | 0.36 | 5.5 | 0.00 | Jun 21, 2018 | A vulnerability in the session identification management functionality of the web-based management interface for Cisco Meeting Server could allow an unauthenticated, local attacker to hijack a valid user session identifier, aka Session Fixation. The vulnerability exists because… |
- risk 0.64cvss 9.8epss 0.04
A vulnerability in the Session Description Protocol (SDP) parser of Cisco Meeting Server could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. This vulnerability affects the following products: Cisco Meeting Server releases prior to…
- risk 0.64cvss 9.8epss 0.03
A vulnerability in Cisco Meeting Server and Meeting App could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. This vulnerability affects the following products: Cisco Meeting Server releases prior to 2.0.1, Acano Server releases prior…
- risk 0.59cvss 9.1epss 0.03
A vulnerability in the Traversal Using Relay NAT (TURN) server included with Cisco Meeting Server (CMS) could allow an authenticated, remote attacker to gain unauthenticated or unauthorized access to components of or sensitive information in an affected system. The vulnerability…
- risk 0.59cvss 9.1epss 0.03
A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of the Cisco Meeting Server (CMS) before 2.0.6 and Acano Server before 1.8.18 and 1.9.x before 1.9.6 could allow an unauthenticated, remote attacker to masquerade as a legitimate user. This…
- risk 0.57cvss 8.8epss 0.01
A vulnerability in the web-based management interface of Cisco Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF…
- risk 0.57cvss 8.8epss 0.01
A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a Web Bridge user. More Information: CSCvb03308. Known Affected Releases: 1.8, 1.9, 2.0.
- risk 0.53cvss 8.1epss 0.04
A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain unauthorized access to components of, or sensitive information in, an affected system, leading to Remote Code Execution. The vulnerability is due to incorrect default configuration of…
- risk 0.53cvss 8.1epss 0.02
An HTTP Packet Processing vulnerability in the Web Bridge interface of the Cisco Meeting Server (CMS), formerly Acano Conferencing Server, could allow an authenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information.…
- risk 0.49cvss 7.5epss 0.03
A vulnerability in the Real-Time Transport Protocol (RTP) bitstream processing of the Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient input validation of incoming RTP…
- risk 0.49cvss 7.5epss 0.02
A vulnerability in the implementation of the H.264 protocol in Cisco Meeting Server (CMS) 2.1.4 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability exists because the affected application does not…
- risk 0.49cvss 7.5epss 0.03
A vulnerability in an internal API of the Cisco Meeting Server (CMS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected appliance. More Information: CSCvc89678. Known Affected Releases: 2.1. Known Fixed Releases: 2.1.2.
- risk 0.49cvss 7.5epss 0.01
A vulnerability in Web Bridge for Cisco Meeting Server could allow an unauthenticated, remote attacker to retrieve memory from a connected server. More Information: CSCvb03308. Known Affected Releases: 1.8, 1.9, 2.0.
- risk 0.48cvss 7.4epss 0.01
A vulnerability in Cisco Meeting Server (CMS) could allow an unauthenticated, adjacent attacker to access services running on internal device interfaces of an affected system. The vulnerability is due to incorrect default configuration of the device, which can expose internal…
- risk 0.44cvss 6.7epss 0.01
A vulnerability in the CLI command-parsing code of Cisco Meeting Server could allow an authenticated, local attacker to perform command injection and escalate their privileges to root. The attacker must first authenticate to the application with valid administrator credentials.…
- risk 0.43cvss 6.5epss 0.03
A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of incoming HTTP requests. An attacker could exploit this…
- risk 0.42cvss 6.5epss 0.02
A vulnerability in Cisco Meeting Server versions prior to 2.2.2 could allow an authenticated, remote attacker to cause the system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to video calls being made on systems with a particular…
- risk 0.42cvss 6.5epss 0.02
A vulnerability in the ability for guest users to join meetings via a hyperlink with Cisco Meeting Server could allow an authenticated, remote attacker to enter a meeting with a hyperlink URL, even though access should be denied. The vulnerability is due to the incorrect…
- risk 0.40cvss 6.1epss 0.01
Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Meeting Server (formerly Acano Conferencing Server) 1.7 through 1.9 allows remote attackers to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCva19922.
- risk 0.38cvss 5.8epss 0.02
A vulnerability in the H.264 decoder function of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a Cisco Meeting Server media process to restart unexpectedly when it receives an illegal H.264 frame. The vulnerability is triggered by an H.264 frame…
- risk 0.36cvss 5.5epss 0.00
A vulnerability in the session identification management functionality of the web-based management interface for Cisco Meeting Server could allow an unauthenticated, local attacker to hijack a valid user session identifier, aka Session Fixation. The vulnerability exists because…
Page 1 of 2