Cisco Telepresence Video Communication Server vulnerabilities

CVE-2019-12705 [MEDIUM] CWE-79 CVE-2019-12705: A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePrese A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient val

CVE-2019-1845 [HIGH] CWE-20 CVE-2019-1845: A vulnerability in the authentication service of the Cisco Unified Communications Manager IM and Pre A vulnerability in the authentication service of the Cisco Unified Communications Manager IM and Presence (Unified CM IM&P) Service, Cisco TelePresence Video Communication Server (VCS), and Cisco Expressway Series could allow an unauthenticated, remote attacker to cause a service outage for users attempting to authenticate, resulting in a denial of servi

CVE-2019-1872 [MEDIUM] CWE-918 CVE-2019-1872: A vulnerability in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway Series s A vulnerability in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway Series software could allow an unauthenticated, remote attacker to cause an affected system to send arbitrary network requests. The vulnerability is due to improper restrictions on network services in the affected software. An attacker could exploit this vulner

CVE-2019-1722 [MEDIUM] CWE-352 CVE-2019-1722: A vulnerability in the FindMe feature of Cisco Expressway Series and Cisco TelePresence Video Commun A vulnerability in the FindMe feature of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based m

CVE-2019-1721 [MEDIUM] CWE-20 CVE-2019-1721: A vulnerability in the phone book feature of Cisco Expressway Series and Cisco TelePresence Video Co A vulnerability in the phone book feature of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to cause the CPU to increase to 100% utilization, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to improper handling of the XML input. An

CVE-2019-1720 [MEDIUM] CWE-20 CVE-2019-1720: A vulnerability in the XML API of Cisco Expressway Series and Cisco TelePresence Video Communication A vulnerability in the XML API of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to cause the CPU to increase to 100% utilization, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to improper handling of the XML input. An attacker c

CVE-2019-1679 [MEDIUM] CWE-918 CVE-2019-1679: A vulnerability in the web interface of Cisco TelePresence Conductor, Cisco Expressway Series, and C A vulnerability in the web interface of Cisco TelePresence Conductor, Cisco Expressway Series, and Cisco TelePresence Video Communication Server (VCS) Software could allow an authenticated, remote attacker to trigger an HTTP request from an affected server to an arbitrary host. This type of attack is commonly referred to as server-side request forgery

CVE-2018-15430 [HIGH] CWE-20 CVE-2018-15430: A vulnerability in the administrative web interface of Cisco Expressway Series and Cisco TelePresenc A vulnerability in the administrative web interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to execute code with user-level privileges on the underlying operating system. The vulnerability is due to insufficient validation of the content of upgrade packages. An att