Cisco Meeting Server vulnerabilities

CVE-2023-20255 [MEDIUM] CWE-20 CVE-2023-20255: A vulnerability in an API of the Web Bridge feature of Cisco Meeting Server could allow an unauthent A vulnerability in an API of the Web Bridge feature of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP packets to an affected device. A successfu

CVE-2021-40122 [MEDIUM] CWE-399 CVE-2021-40122: A vulnerability in an API of the Call Bridge feature of Cisco Meeting Server could allow an unauthen A vulnerability in an API of the Call Bridge feature of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper handling of large series of message requests. An attacker could exploit this vulnerability by sending a series of messages to the vulnerable A

CVE-2021-1524 [MEDIUM] CWE-20 CVE-2021-1524: A vulnerability in the API of Cisco Meeting Server could allow an authenticated, remote attacker to A vulnerability in the API of Cisco Meeting Server could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because requests that are sent to the API are not properly validated. An attacker could exploit this vulnerability by sending a malicious request to the API. A succ

CVE-2020-3160 [MEDIUM] CWE-20 CVE-2020-3160: A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) feature of Cisco Meeting Se A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) feature of Cisco Meeting Server software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition for users of XMPP conferencing applications. Other applications and processes are unaffected. The vulnerability is due to improper input validation

CVE-2019-1623 [MEDIUM] CWE-77 CVE-2019-1623: A vulnerability in the CLI configuration shell of Cisco Meeting Server could allow an authenticated, A vulnerability in the CLI configuration shell of Cisco Meeting Server could allow an authenticated, local attacker to inject arbitrary commands as the root user. The vulnerability is due to insufficient input validation during the execution of a vulnerable CLI command. An attacker with administrator-level credentials could exploit this vulnerability b

CVE-2019-1794 [MEDIUM] CWE-427 CVE-2019-1794: A vulnerability in the search path processing of Cisco Directory Connector could allow an authentica A vulnerability in the search path processing of Cisco Directory Connector could allow an authenticated, local attacker to load a binary of their choosing. The vulnerability is due to uncontrolled search path elements. An attacker could exploit this vulnerability by placing a binary of their choosing earlier in the search path utilized by Cisco Direct

CVE-2019-1676 [MEDIUM] CWE-20 CVE-2019-1676: A vulnerability in the Session Initiation Protocol (SIP) call processing of Cisco Meeting Server (CM A vulnerability in the Session Initiation Protocol (SIP) call processing of Cisco Meeting Server (CMS) software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition of the Cisco Meeting Server. The vulnerability is due to insufficient validation of Session Description Protocol (SDP) messages. An attacker could ex

CVE-2019-1678 [MEDIUM] CWE-20 CVE-2019-1678: A vulnerability in Cisco Meeting Server could allow an authenticated, remote attacker to cause a par A vulnerability in Cisco Meeting Server could allow an authenticated, remote attacker to cause a partial denial of service (DoS) to Cisco Meetings application users who are paired with a Session Initiation Protocol (SIP) endpoint. The vulnerability is due to improper validation of coSpaces configuration parameters. An attacker could exploit this vulner

CVE-2018-0439 [HIGH] CWE-352 CVE-2018-0439: A vulnerability in the web-based management interface of Cisco Meeting Server could allow an unauthe A vulnerability in the web-based management interface of Cisco Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An

CVE-2018-0359 [MEDIUM] CWE-384 CVE-2018-0359: A vulnerability in the session identification management functionality of the web-based management i A vulnerability in the session identification management functionality of the web-based management interface for Cisco Meeting Server could allow an unauthenticated, local attacker to hijack a valid user session identifier, aka Session Fixation. The vulnerability exists because the affected application does not assign a new session identifier to a use

CVE-2018-0371 [MEDIUM] CWE-20 CVE-2018-0371: A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an authenticated, rem A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of incoming HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the Web Admin Interface of an affe

CVE-2018-0263 [HIGH] CWE-16 CVE-2018-0263: A vulnerability in Cisco Meeting Server (CMS) could allow an unauthenticated, adjacent attacker to a A vulnerability in Cisco Meeting Server (CMS) could allow an unauthenticated, adjacent attacker to access services running on internal device interfaces of an affected system. The vulnerability is due to incorrect default configuration of the device, which can expose internal interfaces and ports on the external interface of the system. A successful expl

CVE-2018-0280 [HIGH] CWE-20 CVE-2018-0280: A vulnerability in the Real-Time Transport Protocol (RTP) bitstream processing of the Cisco Meeting A vulnerability in the Real-Time Transport Protocol (RTP) bitstream processing of the Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient input validation of incoming RTP bitstreams. An attacker could exploit this vulnerability by sending a crafted RTP

CVE-2018-0262 [HIGH] CWE-16 CVE-2018-0262: A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain unau A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain unauthorized access to components of, or sensitive information in, an affected system, leading to Remote Code Execution. The vulnerability is due to incorrect default configuration of the device, which can expose internal interfaces and ports on the external i

CVE-2017-12362 [MEDIUM] CWE-399 CVE-2017-12362: A vulnerability in Cisco Meeting Server versions prior to 2.2.2 could allow an authenticated, remote A vulnerability in Cisco Meeting Server versions prior to 2.2.2 could allow an authenticated, remote attacker to cause the system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to video calls being made on systems with a particular configuration. An attacker could exploit this by knowing a valid URI that direct

CVE-2017-12311 [MEDIUM] CWE-399 CVE-2017-12311: A vulnerability in the H.264 decoder function of Cisco Meeting Server could allow an unauthenticated A vulnerability in the H.264 decoder function of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a Cisco Meeting Server media process to restart unexpectedly when it receives an illegal H.264 frame. The vulnerability is triggered by an H.264 frame that has an invalid picture parameter set (PPS) value. An attacker could

CVE-2017-12249 [CRITICAL] CWE-16 CVE-2017-12249: A vulnerability in the Traversal Using Relay NAT (TURN) server included with Cisco Meeting Server (C A vulnerability in the Traversal Using Relay NAT (TURN) server included with Cisco Meeting Server (CMS) could allow an authenticated, remote attacker to gain unauthenticated or unauthorized access to components of or sensitive information in an affected system. The vulnerability is due to an incorrect default configuration of the TURN server, which

CVE-2017-6794 [MEDIUM] CWE-20 CVE-2017-6794: A vulnerability in the CLI command-parsing code of Cisco Meeting Server could allow an authenticated A vulnerability in the CLI command-parsing code of Cisco Meeting Server could allow an authenticated, local attacker to perform command injection and escalate their privileges to root. The attacker must first authenticate to the application with valid administrator credentials. The vulnerability is due to insufficient validation of user-supplied input

CVE-2017-6763 [HIGH] CWE-20 CVE-2017-6763: A vulnerability in the implementation of the H.264 protocol in Cisco Meeting Server (CMS) 2.1.4 coul A vulnerability in the implementation of the H.264 protocol in Cisco Meeting Server (CMS) 2.1.4 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability exists because the affected application does not properly validate Fragmentation Unit (FU-A) protocol packets. An attacker cou

CVE-2017-3830 [HIGH] CWE-20 CVE-2017-3830: A vulnerability in an internal API of the Cisco Meeting Server (CMS) could allow an unauthenticated, A vulnerability in an internal API of the Cisco Meeting Server (CMS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected appliance. More Information: CSCvc89678. Known Affected Releases: 2.1. Known Fixed Releases: 2.1.2.