Cisco Telepresence Video Communication Server vulnerabilities
36 known vulnerabilities affecting cisco/telepresence_video_communication_server.
Total CVEs: 36
CISA KEV: 1 (actively exploited)
Public exploits: 1
Exploited in wild: 1
Severity breakdown: HIGH 18, MEDIUM 18
Vulnerabilities
Page 2 of 2
CVE-2019-12705 [MEDIUM] CVSS 6.1 | CWE-79 | fixed in x12.5.4 | 2019-10-16
A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient val
nvd
CVE-2019-1845 [HIGH] CVSS 8.6 | CWE-20 | ≥ x8.1, ≤ x12.5.2 | 2019-06-05
A vulnerability in the authentication service of the Cisco Unified Communications Manager IM and Presence (Unified CM IM&P) Service, Cisco TelePresence Video Communication Server (VCS), and Cisco Expressway Series could allow an unauthenticated, remote attacker to cause a service outage for users attempting to authenticate, resulting in a denial of servi
nvd
CVE-2019-1872 [MEDIUM] CVSS 5.3 | CWE-918 | fixed in x12.5 | 2019-06-05
A vulnerability in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway Series software could allow an unauthenticated, remote attacker to cause an affected system to send arbitrary network requests. The vulnerability is due to improper restrictions on network services in the affected software. An attacker could exploit this vulner
nvd
CVE-2019-1854 [MEDIUM] CVSS 4.3 | CWE-22 | vx8.11.4 | 2019-05-03
A vulnerability in the management web interface of Cisco Expressway Series could allow an authenticated, remote attacker to perform a directory traversal attack against an affected device. The vulnerability is due to insufficient input validation on the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the
nvd
CVE-2019-1721 [MEDIUM] CVSS 6.5 | CWE-20 | fixed in x12.5.1 | 2019-04-18
A vulnerability in the phone book feature of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to cause the CPU to increase to 100% utilization, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to improper handling of the XML input. An
nvd
CVE-2019-1720 [MEDIUM] CVSS 4.9 | CWE-20 | fixed in x12.5.1 | 2019-04-18
A vulnerability in the XML API of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to cause the CPU to increase to 100% utilization, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to improper handling of the XML input. An attacker c
nvd
CVE-2019-1722 [MEDIUM] CVSS 6.5 | CWE-352 | fixed in x12.5.1 | 2019-04-18
A vulnerability in the FindMe feature of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based m
nvd
CVE-2019-1679 [MEDIUM] CVSS 5.0 | CWE-918 | fixed in x12.5 | 2019-02-07
A vulnerability in the web interface of Cisco TelePresence Conductor, Cisco Expressway Series, and Cisco TelePresence Video Communication Server (VCS) Software could allow an authenticated, remote attacker to trigger an HTTP request from an affected server to an arbitrary host. This type of attack is commonly referred to as server-side request forgery
nvd
CVE-2018-15430 [HIGH] CVSS 7.2 | CWE-20 | vx7.2.4, vx8.9.2, +1 more | 2018-10-05
A vulnerability in the administrative web interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to execute code with user-level privileges on the underlying operating system. The vulnerability is due to insufficient validation of the content of upgrade packages. An att
nvd
CVE-2018-0409 [HIGH] CVSS 7.5 | CWE-20 | vx7.0.1, vx7.2.4, +9 more | 2018-08-15
A vulnerability in the XCP Router service of the Cisco Unified Communications Manager IM & Presence Service (CUCM IM&P) and the Cisco TelePresence Video Communication Server (VCS) and Expressway could allow an unauthenticated, remote attacker to cause a temporary service outage for all IM&P users, resulting in a denial of service (DoS) condition. The vuln
nvd
CVE-2017-6790 [MEDIUM] CVSS 6.8 | vx8.7, vx8.7.1, +4 more | 2017-08-17
A vulnerability in the Session Initiation Protocol (SIP) on the Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the targeted appliance. The vulnerability is due to excessive SIP traffic sent to the device. An attacker could exploit this vulnerability by transmi
nvd
CVE-2017-3790 [HIGH] CVSS 8.6 | CWE-399 | vx5.2_base, vx6.0_base, +9 more | 2017-02-01
A vulnerability in the received packet parser of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) software could allow an unauthenticated, remote attacker to cause a reload of the affected system, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient size validation of user-supplied dat
nvd
CVE-2016-1468 [HIGH] CVSS 8.8 | CWE-78 | vx8.5.2 | 2016-08-08
The administrative web interface in Cisco TelePresence Video Communication Server Expressway X8.5.2 allows remote authenticated users to execute arbitrary commands via crafted fields, aka Bug ID CSCuv12531.
nvd
CVE-2016-1444 [MEDIUM] CVSS 6.5 | CWE-20 | vx8.1, vx8.1.1, +12 more | 2016-07-07
The Mobile and Remote Access (MRA) component in Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7 and Expressway X8.1 through X8.6 mishandles certificates, which allows remote attackers to bypass authentication via an arbitrary trusted certificate, aka Bug ID CSCuz64601.
nvd
CVE-2016-1400 [HIGH] CVSS 7.5 | CWE-20 | vx8.1.1, vx8.1.2, +11 more | 2016-05-25
Cisco TelePresence Video Communications Server (VCS) X8.x before X8.7.2 allows remote attackers to cause a denial of service (service disruption) via a crafted URI in a SIP header, aka Bug ID CSCuy43258.
nvd
CVE-2015-0752 [MEDIUM] CVSS 4.3 | CWE-79 | vx8.5.1 | 2015-05-29
Cross-site scripting (XSS) vulnerability in Cisco TelePresence Video Communication Server (VCS) X8.5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCut27635.
nvd