Cisco Meeting Server vulnerabilities

CVE-2017-3837 [HIGH] CWE-20 CVE-2017-3837: An HTTP Packet Processing vulnerability in the Web Bridge interface of the Cisco Meeting Server (CMS An HTTP Packet Processing vulnerability in the Web Bridge interface of the Cisco Meeting Server (CMS), formerly Acano Conferencing Server, could allow an authenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information. In addition, the attacker could potentially cause the application to crash une

CVE-2016-6448 [CRITICAL] CWE-119 CVE-2016-6448: A vulnerability in the Session Description Protocol (SDP) parser of Cisco Meeting Server could allow A vulnerability in the Session Description Protocol (SDP) parser of Cisco Meeting Server could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. This vulnerability affects the following products: Cisco Meeting Server releases prior to Release 2.0.3, Acano Server releases 1.9.x prior to Release 1.9.5, Acano Se

CVE-2016-6447 [CRITICAL] CWE-119 CVE-2016-6447: A vulnerability in Cisco Meeting Server and Meeting App could allow an unauthenticated, remote attac A vulnerability in Cisco Meeting Server and Meeting App could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. This vulnerability affects the following products: Cisco Meeting Server releases prior to 2.0.1, Acano Server releases prior to 1.8.16 and prior to 1.9.3, Cisco Meeting App releases prior to 1.9.8,

CVE-2016-6445 [CRITICAL] CWE-20 CVE-2016-6445: A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of the Cisco Meetin A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of the Cisco Meeting Server (CMS) before 2.0.6 and Acano Server before 1.8.18 and 1.9.x before 1.9.6 could allow an unauthenticated, remote attacker to masquerade as a legitimate user. This vulnerability is due to the XMPP service incorrectly processing a deprecated auth

CVE-2016-6444 [HIGH] CWE-352 CVE-2016-6444: A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to conduct a A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a Web Bridge user. More Information: CSCvb03308. Known Affected Releases: 1.8, 1.9, 2.0.

CVE-2016-6446 [HIGH] CWE-200 CVE-2016-6446: A vulnerability in Web Bridge for Cisco Meeting Server could allow an unauthenticated, remote attack A vulnerability in Web Bridge for Cisco Meeting Server could allow an unauthenticated, remote attacker to retrieve memory from a connected server. More Information: CSCvb03308. Known Affected Releases: 1.8, 1.9, 2.0.

CVE-2016-1451 [MEDIUM] CWE-79 CVE-2016-1451: Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Meeting Serv Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Meeting Server (formerly Acano Conferencing Server) 1.7 through 1.9 allows remote attackers to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCva19922.

CVE-2018-15446 Cisco Meeting Server Information Disclosure Vulnerability CVE-2018-15446: Cisco Meeting Server Information Disclosure Vulnerability A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper protections on data that is returned from user meeting requests when the Guest access via ID and passcode option is set to Legacy mode. An attacker could exploit this vulnerability by sen

CVE-2017-12264 Cisco Meeting Server Denial of Service Vulnerability CVE-2017-12264: Cisco Meeting Server Denial of Service Vulnerability A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient bound checks performed by the affected software. An attacker could exploit this vulnerability by sending a malicious HTTP packet to the affected system. A succes