Cisco Meeting Server vulnerabilities

CVE-2023-20255 [MEDIUM] CWE-20 CVE-2023-20255: A vulnerability in an API of the Web Bridge feature of Cisco Meeting Server could allow an unauthent A vulnerability in an API of the Web Bridge feature of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP packets to an affected device. A successfu

CVE-2021-40122 [MEDIUM] CWE-399 CVE-2021-40122: A vulnerability in an API of the Call Bridge feature of Cisco Meeting Server could allow an unauthen A vulnerability in an API of the Call Bridge feature of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper handling of large series of message requests. An attacker could exploit this vulnerability by sending a series of messages to the vulnerable A

CVE-2021-1524 [MEDIUM] CWE-20 CVE-2021-1524: A vulnerability in the API of Cisco Meeting Server could allow an authenticated, remote attacker to A vulnerability in the API of Cisco Meeting Server could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because requests that are sent to the API are not properly validated. An attacker could exploit this vulnerability by sending a malicious request to the API. A succ

CVE-2020-3160 [MEDIUM] CWE-20 CVE-2020-3160: A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) feature of Cisco Meeting Se A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) feature of Cisco Meeting Server software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition for users of XMPP conferencing applications. Other applications and processes are unaffected. The vulnerability is due to improper input validation

CVE-2019-1623 [MEDIUM] CWE-77 CVE-2019-1623: A vulnerability in the CLI configuration shell of Cisco Meeting Server could allow an authenticated, A vulnerability in the CLI configuration shell of Cisco Meeting Server could allow an authenticated, local attacker to inject arbitrary commands as the root user. The vulnerability is due to insufficient input validation during the execution of a vulnerable CLI command. An attacker with administrator-level credentials could exploit this vulnerability b

CVE-2019-1676 [MEDIUM] CWE-20 CVE-2019-1676: A vulnerability in the Session Initiation Protocol (SIP) call processing of Cisco Meeting Server (CM A vulnerability in the Session Initiation Protocol (SIP) call processing of Cisco Meeting Server (CMS) software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition of the Cisco Meeting Server. The vulnerability is due to insufficient validation of Session Description Protocol (SDP) messages. An attacker could ex

CVE-2019-1678 [MEDIUM] CWE-20 CVE-2019-1678: A vulnerability in Cisco Meeting Server could allow an authenticated, remote attacker to cause a par A vulnerability in Cisco Meeting Server could allow an authenticated, remote attacker to cause a partial denial of service (DoS) to Cisco Meetings application users who are paired with a Session Initiation Protocol (SIP) endpoint. The vulnerability is due to improper validation of coSpaces configuration parameters. An attacker could exploit this vulner

CVE-2018-15446 [MEDIUM] CWE-200 CVE-2018-15446: A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain acce A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper protections on data that is returned from user meeting requests when the Guest access via ID and passcode option is set to Legacy mode. An attacker could exploit this vulnerability by s

CVE-2018-0439 [HIGH] CWE-352 CVE-2018-0439: A vulnerability in the web-based management interface of Cisco Meeting Server could allow an unauthe A vulnerability in the web-based management interface of Cisco Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An