Cisco Expressway vulnerabilities

CVE-2024-20255 [HIGH] CWE-352 CVE-2024-20255: A vulnerability in the SOAP API of Cisco Expressway Series and Cisco TelePresence Video Communicatio A vulnerability in the SOAP API of Cisco Expressway Series and Cisco TelePresence Video Communication Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected system

CVE-2024-20254 [CRITICAL] CWE-352 CVE-2024-20254: Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Serve Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device. Note: "Cisco Expressway Series" refers to Cisco Expressway Control (Expressway-C) devi

CVE-2024-20252 [CRITICAL] CWE-352 CVE-2024-20252: Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Serve Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device. Note: "Cisco Expressway Series" refers to Cisco Expressway Control (Expressway-C) devi

CVE-2023-44487 [HIGH] CWE-400 CVE-2023-44487: The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancell The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

CVE-2022-20813 [CRITICAL] CWE-158 CVE-2022-20813: Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Se Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device. Note: Cisco Expressway Series refers to the Expressway Control (Exp

CVE-2022-20812 [CRITICAL] CWE-158 CVE-2022-20812: Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Se Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device. Note: Cisco Expressway Series refers to the Expressway Control (Exp

CVE-2021-34716 [MEDIUM] CWE-460 CVE-2021-34716: A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePrese A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as the root user. This vulnerability is due to incorrect handling of certain crafted software images that a

CVE-2021-34715 [MEDIUM] CWE-347 CVE-2021-34715: A vulnerability in the image verification function of Cisco Expressway Series and Cisco TelePresence A vulnerability in the image verification function of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to execute code with internal user privileges on the underlying operating system. The vulnerability is due to insufficient validation of the content of upgrade packages. A

CVE-2020-3482 [MEDIUM] CWE-284 CVE-2020-3482: A vulnerability in the Traversal Using Relays around NAT (TURN) server component of Cisco Expressway A vulnerability in the Traversal Using Relays around NAT (TURN) server component of Cisco Expressway software could allow an unauthenticated, remote attacker to bypass security controls and send network traffic to restricted destinations. The vulnerability is due to improper validation of specific connection information by the TURN server within the a

CVE-2020-3596 [MEDIUM] CWE-789 CVE-2020-3596: A vulnerability in the Session Initiation Protocol (SIP) of Cisco Expressway Series and Cisco TelePr A vulnerability in the Session Initiation Protocol (SIP) of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect handling of incoming SIP traffic. An attacker could exploit

CVE-2018-5390 [HIGH] CWE-400 CVE-2018-5390: Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() an Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.

CVE-2017-3790 [HIGH] CWE-399 CVE-2017-3790: A vulnerability in the received packet parser of Cisco Expressway Series and Cisco TelePresence Vide A vulnerability in the received packet parser of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) software could allow an unauthenticated, remote attacker to cause a reload of the affected system, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient size validation of user-supplied dat

CVE-2016-9207 [MEDIUM] CWE-20 CVE-2016-9207: A vulnerability in the HTTP traffic server component of Cisco Expressway could allow an unauthentica A vulnerability in the HTTP traffic server component of Cisco Expressway could allow an unauthenticated, remote attacker to initiate TCP connections to arbitrary hosts. This does not allow for full traffic proxy through the Expressway. Affected Products: This vulnerability affects Cisco Expressway Series Software and Cisco TelePresence Video Communicat