Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-08-22 | CVE-2015-4331 | Permissions, Privileges, and Access Controls vulnerability in Cisco Prime Infrastructure Cisco Prime Infrastructure (PI) 1.4(0.45) and earlier, when AAA authentication is used, allows remote authenticated users to bypass intended access restrictions via a username with a modified composition of lowercase and uppercase characters, aka Bug ID CSum59958. | 3.5 |
| 2015-08-20 | CVE-2015-4318 | Resource Management Errors vulnerability in Cisco Telepresence Video Communication Server Software X8.5.2 Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote attackers to cause a denial of service via invalid variables in a GET request, aka Bug ID CSCuv40528. | 5.0 |
| 2015-08-20 | CVE-2015-4329 | Improper Input Validation vulnerability in Cisco Telepresence Video Communication Server Software X8.5.2 The administrator web interface in Cisco TelePresence Video Communication Server (VCS) X8.5.2 allows remote authenticated users to execute arbitrary OS commands via crafted HTTP requests, aka Bug ID CSCuv11796. | 6.5 |
| 2015-08-20 | CVE-2015-4319 | Credentials Management vulnerability in Cisco Telepresence Video Communication Server Software X8.5.1 The password-change feature in the administrative web interface in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 improperly performs authorization, which allows remote authenticated users to reset arbitrary active-user passwords via unspecified vectors, aka Bug ID CSCuv12338. | 5.5 |
| 2015-08-20 | CVE-2015-4316 | Improper Input Validation vulnerability in Cisco Telepresence Video Communication Server Software X8.5.2 The Mobile and Remote Access (MRA) endpoint-validation feature in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 improperly validates the phone line used for registration, which allows remote authenticated users to conduct impersonation attacks via a crafted registration, aka Bug ID CSCuv40396. | 5.5 |
| 2015-08-20 | CVE-2015-4303 | Permissions, Privileges, and Access Controls vulnerability in Cisco Telepresence Video Communication Server Software X8.5.2 Cisco TelePresence Video Communication Server (VCS) X8.5.2 allows remote authenticated users to execute arbitrary commands in the context of the nobody user account via an unspecified web-page parameter, aka Bug ID CSCuv12333. | 6.5 |
| 2015-08-20 | CVE-2015-4328 | Improper Input Validation vulnerability in Cisco Telepresence Video Communication Server Software X8.5.2 Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 improperly checks for a user account's read-only attribute, which allows remote authenticated users to execute arbitrary OS commands via crafted HTTP requests, as demonstrated by read or write operations on the Unified Communications lookup page, aka Bug ID CSCuv12552. | 4.0 |
| 2015-08-20 | CVE-2015-4327 | Improper Input Validation vulnerability in Cisco Telepresence Video Communication Server Software X8.5.2 The CLI in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to obtain root privileges by writing script arguments to an unspecified file, aka Bug ID CSCuv12542. | 7.2 |
| 2015-08-20 | CVE-2015-4320 | Information Exposure vulnerability in Cisco Telepresence Video Communication Server Software X8.5.2 The Configuration Log File component in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote authenticated users to obtain sensitive information by reading a log file, aka Bug ID CSCuv12340. | 4.0 |
| 2015-08-20 | CVE-2015-4317 | Resource Management Errors vulnerability in Cisco Telepresence Video Communication Server Software X8.5.2 Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote attackers to cause a denial of service via invalid variables in an authentication packet, aka Bug ID CSCuv40469. | 5.0 |