VYPR

Expressway Software

by Cisco Systems, Inc.

CVEs (42)

  • CVE-2023-44487HigKEVOct 10, 2023
    risk 0.65cvss 7.5epss 1.00

    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

  • CVE-2017-3790HigFeb 1, 2017
    risk 0.56cvss 8.6epss 0.03

    A vulnerability in the received packet parser of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) software could allow an unauthenticated, remote attacker to cause a reload of the affected system, resulting in a denial of service (DoS) condition.…

  • CVE-2018-0409HigAug 15, 2018
    risk 0.49cvss 7.5epss 0.03

    A vulnerability in the XCP Router service of the Cisco Unified Communications Manager IM & Presence Service (CUCM IM&P) and the Cisco TelePresence Video Communication Server (VCS) and Expressway could allow an unauthenticated, remote attacker to cause a temporary service outage…

  • CVE-2016-9207MedDec 14, 2016
    risk 0.42cvss 6.5epss 0.02

    A vulnerability in the HTTP traffic server component of Cisco Expressway could allow an unauthenticated, remote attacker to initiate TCP connections to arbitrary hosts. This does not allow for full traffic proxy through the Expressway. Affected Products: This vulnerability…

  • CVE-2025-20179MedFeb 5, 2025
    risk 0.40cvss 6.1epss 0.00

    A vulnerability in the web-based management interface of Cisco Expressway Series could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management…

  • CVE-2017-12287MedOct 19, 2017
    risk 0.28cvss 4.3epss 0.02

    A vulnerability in the cluster database (CDB) management component of Cisco Expressway Series Software and Cisco TelePresence Video Communication Server (VCS) Software could allow an authenticated, remote attacker to cause the CDB process on an affected system to restart…

  • CVE-2023-20209Aug 16, 2023
    risk 0.03cvss epss 0.38

    A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read-write privileges on the application to perform a command injection attack that could…

  • CVE-2019-1845Jun 5, 2019
    risk 0.01cvss epss 0.05

    A vulnerability in the authentication service of the Cisco Unified Communications Manager IM and Presence (Unified CM IM&P) Service, Cisco TelePresence Video Communication Server (VCS), and Cisco Expressway Series could allow an unauthenticated, remote attacker to cause a…

  • CVE-2022-20814Nov 15, 2024
    risk 0.00cvss epss 0.01

    A vulnerability in the certificate validation of Cisco Expressway-C and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability is due to a lack of validation of the SSL server…

  • CVE-2022-20853Nov 15, 2024
    risk 0.00cvss epss 0.01

    A vulnerability in the REST API of Cisco Expressway Series and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF…

  • CVE-2024-20492Oct 2, 2024
    risk 0.00cvss epss 0.01

    A vulnerability in the restricted shell of Cisco Expressway Series could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have…

  • CVE-2024-20497Sep 4, 2024
    risk 0.00cvss epss 0.00

    A vulnerability in Cisco Expressway Edge (Expressway-E) could allow an authenticated, remote attacker to masquerade as another user on an affected system. This vulnerability is due to inadequate authorization checks for Mobile and Remote Access (MRA) users. An attacker could…

  • CVE-2024-20400Jul 17, 2024
    risk 0.00cvss epss 0.00

    A vulnerability in the web-based management interface of Cisco Expressway Series could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request parameters. An attacker could…

  • CVE-2024-20255Feb 7, 2024
    risk 0.00cvss epss 0.01

    A vulnerability in the SOAP API of Cisco Expressway Series and Cisco TelePresence Video Communication Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient…

  • CVE-2024-20254Feb 7, 2024
    risk 0.00cvss epss 0.01

    Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device. Note: "Cisco…

  • CVE-2024-20252Feb 7, 2024
    risk 0.00cvss epss 0.01

    Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device. Note: "Cisco…

  • CVE-2023-20192Jun 28, 2023
    risk 0.00cvss epss 0.01

    Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated attacker with Administrator-level read-only credentials to elevate their privileges to Administrator with read-write credentials on an…

  • CVE-2023-20105Jun 28, 2023
    risk 0.00cvss epss 0.01

    A vulnerability in the change password functionality of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with Read-only credentials to elevate privileges to Administrator on an affected system. This…

  • CVE-2022-20813Jul 6, 2022
    risk 0.00cvss epss 0.01

    Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected…

  • CVE-2022-20812Jul 6, 2022
    risk 0.00cvss epss 0.02

    Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected…

Page 1 of 3