Cisco Telepresence Tc Software vulnerabilities

CVE-2017-6648 [HIGH] CWE-399 CVE-2017-6648: A vulnerability in the Session Initiation Protocol (SIP) of the Cisco TelePresence Codec (TC) and Co A vulnerability in the Session Initiation Protocol (SIP) of the Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause a TelePresence endpoint to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of flow-control mechanisms wit

CVE-2016-6459 [MEDIUM] CWE-78 CVE-2016-6459: Cisco TelePresence endpoints running either CE or TC software contain a vulnerability that could all Cisco TelePresence endpoints running either CE or TC software contain a vulnerability that could allow an authenticated, local attacker to execute a local shell command injection. More Information: CSCvb25010. Known Affected Releases: 8.1.x. Known Fixed Releases: 6.3.4 7.3.7 8.2.2 8.3.0.

CVE-2016-1387 [CRITICAL] CWE-287 CVE-2016-1387: The XML API in TelePresence Codec (TC) 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, and 7.3.5 an The XML API in TelePresence Codec (TC) 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, and 7.3.5 and Collaboration Endpoint (CE) 8.0.0, 8.0.1, and 8.1.0 in Cisco TelePresence Software mishandles authentication, which allows remote attackers to execute control commands or make configuration changes via an API request, aka Bug ID CSCuz26935.

CVE-2015-4271 [MEDIUM] CWE-284 CVE-2015-4271: Cisco TelePresence TC before 7.3.4 on Integrator C devices allows remote attackers to bypass authent Cisco TelePresence TC before 7.3.4 on Integrator C devices allows remote attackers to bypass authentication via vectors involving multiple request parameters, aka Bug ID CSCuv00604.

CVE-2015-0770 [MEDIUM] CWE-20 CVE-2015-0770: CRLF injection vulnerability in Cisco TelePresence TC 6.x before 6.3.4 and 7.x before 7.3.3 on Integ CRLF injection vulnerability in Cisco TelePresence TC 6.x before 6.3.4 and 7.x before 7.3.3 on Integrator C SX20 devices allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL, aka Bug ID CSCut79341.

CVE-2014-2174 [HIGH] CWE-284 CVE-2014-2174: Cisco TelePresence T, TelePresence TE, and TelePresence TC before 7.1 do not properly implement acce Cisco TelePresence T, TelePresence TE, and TelePresence TC before 7.1 do not properly implement access control, which allows remote attackers to obtain root privileges by sending packets on the local network and allows physically proximate attackers to obtain root privileges via unspecified vectors, aka Bug ID CSCub67651.

CVE-2015-0722 [HIGH] CWE-399 CVE-2015-0722: The network drivers in Cisco TelePresence T, Cisco TelePresence TE, and Cisco TelePresence TC before The network drivers in Cisco TelePresence T, Cisco TelePresence TE, and Cisco TelePresence TC before 7.3.2 allow remote attackers to cause a denial of service (process restart or device reload) via a flood of crafted IP packets, aka Bug ID CSCuj68952.

CVE-2015-0696 [MEDIUM] CWE-79 CVE-2015-0696: Cross-site scripting (XSS) vulnerability in the login page in Cisco TC Software before 7.1.0 on Cisc Cross-site scripting (XSS) vulnerability in the login page in Cisco TC Software before 7.1.0 on Cisco TelePresence Collaboration Desk and Room Endpoints devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuq94977.

CVE-2015-0697 [MEDIUM] CWE-601 CVE-2015-0697: Open redirect vulnerability in the login page in Cisco TC Software before 6.3-26 and 7.x before 7.3. Open redirect vulnerability in the login page in Cisco TC Software before 6.3-26 and 7.x before 7.3.0 on Cisco TelePresence Collaboration Desk and Room Endpoints devices allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCuq94980.

CVE-2014-2169 [CRITICAL] CWE-20 CVE-2014-2169: Cisco TelePresence TC Software 4.x through 6.x before 6.2.0 and TE Software 4.x and 6.0 allow remote Cisco TelePresence TC Software 4.x through 6.x before 6.2.0 and TE Software 4.x and 6.0 allow remote authenticated users to execute arbitrary commands by using the commands as arguments to internal system scripts, aka Bug ID CSCue60211.

CVE-2014-2170 [CRITICAL] CWE-94 CVE-2014-2170: Cisco TelePresence TC Software 4.x and 5.x before 5.1.7 and 6.x before 6.0.1 and TE Software 4.x and Cisco TelePresence TC Software 4.x and 5.x before 5.1.7 and 6.x before 6.0.1 and TE Software 4.x and 6.0 allow remote authenticated users to execute arbitrary commands by using the commands as arguments to tshell (aka tcsh) scripts, aka Bug ID CSCue60202.

CVE-2014-2171 [CRITICAL] CWE-119 CVE-2014-2171: Heap-based buffer overflow in Cisco TelePresence TC Software 4.x through 6.x before 6.0.1 and TE Sof Heap-based buffer overflow in Cisco TelePresence TC Software 4.x through 6.x before 6.0.1 and TE Software 4.x and 6.0.x before 6.0.2 allows remote attackers to execute arbitrary code via crafted SIP packets, aka Bug ID CSCud81796.

CVE-2014-2175 [HIGH] CWE-20 CVE-2014-2175: Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allow remote attackers to cau Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allow remote attackers to cause a denial of service (memory consumption) via crafted H.225 packets, aka Bug ID CSCtq78849.

CVE-2014-2166 [HIGH] CWE-20 CVE-2014-2166: The SIP implementation in Cisco TelePresence TC Software 4.x and TE Software 4.x allows remote attac The SIP implementation in Cisco TelePresence TC Software 4.x and TE Software 4.x allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCto70562.

CVE-2014-2167 [HIGH] CWE-20 CVE-2014-2167: The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 all The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCua86589.

CVE-2014-2173 [HIGH] CWE-264 CVE-2014-2173: Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 do not properly restrict acce Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 do not properly restrict access to the serial port, which allows local users to gain privileges via unspecified commands, aka Bug ID CSCub67692.

CVE-2014-2168 [HIGH] CWE-119 CVE-2014-2168: Buffer overflow in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows rem Buffer overflow in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to execute arbitrary code via crafted DNS response packets, aka Bug ID CSCty44804.

CVE-2014-2162 [HIGH] CWE-20 CVE-2014-2162: The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 all The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCud29566.

CVE-2014-2165 [HIGH] CWE-20 CVE-2014-2165: The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 all The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCtq72699.

CVE-2014-2164 [HIGH] CWE-20 CVE-2014-2164: The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 all The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCuj94651.