Vulnerabilities > Cisco > Telepresence System Software > 1.8.14
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-09-12 | CVE-2014-3362 | Resource Management Errors vulnerability in Cisco products Memory leak in Cisco TelePresence System Edge MXP Series Software F9.3.3 and earlier allows remote attackers to cause a denial of service (management outage) via multiple TELNET connections, aka Bug ID CSCuo63677. | 7.8 |
2014-05-26 | CVE-2014-3274 | Cryptographic Issues vulnerability in Cisco Telepresence System Software Cisco TelePresence System (CTS) 6.0(.5)(5) and earlier falls back to HTTP when certain HTTPS sessions cannot be established, which allows man-in-the-middle attackers to obtain sensitive directory information by leveraging a network position between CTS and Cisco Unified Communications Manager (UCM) to block HTTPS traffic, aka Bug ID CSCuj26326. | 4.3 |
2014-05-02 | CVE-2014-2161 | Improper Input Validation vulnerability in Cisco products The H.225 subsystem in Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted packets, aka Bug ID CSCty45731. | 7.8 |
2014-05-02 | CVE-2014-2160 | Improper Input Validation vulnerability in Cisco products The H.225 subsystem in Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted packets, aka Bug ID CSCty45745. | 7.8 |
2014-05-02 | CVE-2014-2159 | Improper Input Validation vulnerability in Cisco products The H.225 subsystem in Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted packets, aka Bug ID CSCtq78722. | 7.8 |
2014-05-02 | CVE-2014-2158 | Improper Input Validation vulnerability in Cisco products Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCty45720. | 7.8 |
2014-05-02 | CVE-2014-2157 | Improper Input Validation vulnerability in Cisco products Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCty45733. | 7.1 |
2014-05-02 | CVE-2014-2156 | Improper Input Validation vulnerability in Cisco products Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCty45739. | 7.1 |
2014-01-22 | CVE-2014-0661 | Code Injection vulnerability in Cisco products The System Status Collection Daemon (SSCD) in Cisco TelePresence System 500-37, 1000, 1300-65, and 3xxx before 1.10.2(42), and 500-32, 1300-47, TX1310 65, and TX9xxx before 6.0.4(11), allows remote attackers to execute arbitrary commands or cause a denial of service (stack memory corruption) via a crafted XML-RPC message, aka Bug ID CSCui32796. | 8.3 |
2013-08-08 | CVE-2013-3454 | Credentials Management vulnerability in Cisco products Cisco TelePresence System Software 1.10.1 and earlier on 500, 13X0, 1X00, 30X0, and 3X00 devices, and 6.0.3 and earlier on TX 9X00 devices, has a default password for the pwrecovery account, which makes it easier for remote attackers to modify the configuration or perform arbitrary actions via HTTPS requests, aka Bug ID CSCui43128. | 10.0 |