Vulnerabilities > Cisco > Telepresence Video Communication Server Software
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-07-07 | CVE-2016-1444 | Improper Input Validation vulnerability in Cisco products The Mobile and Remote Access (MRA) component in Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7 and Expressway X8.1 through X8.6 mishandles certificates, which allows remote attackers to bypass authentication via an arbitrary trusted certificate, aka Bug ID CSCuz64601. | 5.8 |
2016-03-12 | CVE-2016-1338 | Improper Input Validation vulnerability in Cisco Telepresence Video Communication Server Software X8.5.1/X8.5.2 Cisco TelePresence Video Communication Server (VCS) X8.5.1 and X8.5.2 allows remote authenticated users to cause a denial of service (VoIP outage) via a crafted SIP message, aka Bug ID CSCuu43026. | 8.0 |
2016-02-09 | CVE-2016-1316 | Information Exposure vulnerability in Cisco Telepresence Video Communication Server Software Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7, as used in conjunction with Jabber Guest, allows remote attackers to obtain sensitive call-statistics information via a direct request to an unspecified URL, aka Bug ID CSCux73362. | 5.0 |
2015-12-14 | CVE-2015-6410 | Improper Input Validation vulnerability in Cisco Telepresence Video Communication Server Software X8.5 The Mobile and Remote Access (MRA) services implementation in Cisco Unified Communications Manager mishandles edge-device identity validation, which allows remote attackers to bypass intended call-reception and call-setup restrictions by spoofing a user, aka Bug ID CSCuu97283. | 4.0 |
2015-12-13 | CVE-2015-6414 | Information Exposure vulnerability in Cisco Telepresence Video Communication Server Software X8.6 Cisco TelePresence Video Communication Server (VCS) X8.6 uses the same encryption key across different customers' installations, which makes it easier for local users to defeat cryptographic protection mechanisms by leveraging knowledge of a key from another installation, aka Bug ID CSCuw64516. | 2.1 |
2015-12-13 | CVE-2015-6413 | Permissions, Privileges, and Access Controls vulnerability in Cisco Telepresence Video Communication Server Software X8.6 Cisco TelePresence Video Communication Server (VCS) Expressway X8.6 allows remote authenticated users to bypass intended read-only restrictions and upload Tandberg Linux Package (TLP) files by visiting an administrative page, aka Bug ID CSCuw55651. | 4.0 |
2015-11-21 | CVE-2015-6376 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Telepresence Video Communication Server Software X8.5.1 Cross-site request forgery (CSRF) vulnerability in Cisco TelePresence Video Communication Server (VCS) X8.5.1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv72412. | 6.8 |
2015-10-12 | CVE-2015-6318 | Improper Input Validation vulnerability in Cisco Telepresence Video Communication Server Software X8.5.1/X8.5.2 Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 and X8.5.2 allows local users to write to arbitrary files via an unspecified symlink attack, aka Bug ID CSCuv11969. | 6.9 |
2015-10-12 | CVE-2015-4325 | Permissions, Privileges, and Access Controls vulnerability in Cisco Telepresence Video Communication Server Software X8.5.2 The process-management implementation in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to gain privileges by terminating a firestarter.py supervised process and then triggering the restart of a process by the root account, aka Bug ID CSCuv12272. | 6.9 |
2015-09-02 | CVE-2015-4330 | OS Command Injection vulnerability in Cisco Telepresence Video Communication Server Software X8.5.2 A local file script in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to gain privileges for OS command execution via invalid parameters, aka Bug ID CSCuv10556. | 6.9 |