Cisco Meeting Server vulnerabilities

CVE-2017-3837 [HIGH] CWE-20 CVE-2017-3837: An HTTP Packet Processing vulnerability in the Web Bridge interface of the Cisco Meeting Server (CMS An HTTP Packet Processing vulnerability in the Web Bridge interface of the Cisco Meeting Server (CMS), formerly Acano Conferencing Server, could allow an authenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information. In addition, the attacker could potentially cause the application to crash une

CVE-2016-6448 [CRITICAL] CWE-119 CVE-2016-6448: A vulnerability in the Session Description Protocol (SDP) parser of Cisco Meeting Server could allow A vulnerability in the Session Description Protocol (SDP) parser of Cisco Meeting Server could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. This vulnerability affects the following products: Cisco Meeting Server releases prior to Release 2.0.3, Acano Server releases 1.9.x prior to Release 1.9.5, Acano Se

CVE-2016-6447 [CRITICAL] CWE-119 CVE-2016-6447: A vulnerability in Cisco Meeting Server and Meeting App could allow an unauthenticated, remote attac A vulnerability in Cisco Meeting Server and Meeting App could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. This vulnerability affects the following products: Cisco Meeting Server releases prior to 2.0.1, Acano Server releases prior to 1.8.16 and prior to 1.9.3, Cisco Meeting App releases prior to 1.9.8,

CVE-2016-6445 [CRITICAL] CWE-20 CVE-2016-6445: A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of the Cisco Meetin A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of the Cisco Meeting Server (CMS) before 2.0.6 and Acano Server before 1.8.18 and 1.9.x before 1.9.6 could allow an unauthenticated, remote attacker to masquerade as a legitimate user. This vulnerability is due to the XMPP service incorrectly processing a deprecated auth

CVE-2016-6444 [HIGH] CWE-352 CVE-2016-6444: A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to conduct a A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a Web Bridge user. More Information: CSCvb03308. Known Affected Releases: 1.8, 1.9, 2.0.

CVE-2016-6446 [HIGH] CWE-200 CVE-2016-6446: A vulnerability in Web Bridge for Cisco Meeting Server could allow an unauthenticated, remote attack A vulnerability in Web Bridge for Cisco Meeting Server could allow an unauthenticated, remote attacker to retrieve memory from a connected server. More Information: CSCvb03308. Known Affected Releases: 1.8, 1.9, 2.0.

CVE-2016-1451 [MEDIUM] CWE-79 CVE-2016-1451: Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Meeting Serv Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Meeting Server (formerly Acano Conferencing Server) 1.7 through 1.9 allows remote attackers to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCva19922.