Vulnerabilities > Cisco > Telepresence Video Communication Server
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-05-03 | CVE-2019-1854 | Path Traversal vulnerability in Cisco Telepresence Video Communication Server X8.11.4 A vulnerability in the management web interface of Cisco Expressway Series could allow an authenticated, remote attacker to perform a directory traversal attack against an affected device. | 4.3 |
| 2019-04-18 | CVE-2019-1722 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco products A vulnerability in the FindMe feature of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. | 6.5 |
| 2019-04-18 | CVE-2019-1721 | Improper Input Validation vulnerability in Cisco Telepresence Video Communication Server A vulnerability in the phone book feature of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to cause the CPU to increase to 100% utilization, causing a denial of service (DoS) condition on an affected system. | 6.5 |
| 2019-04-18 | CVE-2019-1720 | Improper Input Validation vulnerability in Cisco Telepresence Video Communication Server A vulnerability in the XML API of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to cause the CPU to increase to 100% utilization, causing a denial of service (DoS) condition on an affected system. | 4.9 |
| 2019-02-07 | CVE-2019-1679 | Server-Side Request Forgery (SSRF) vulnerability in Cisco Telepresence Video Communication Server A vulnerability in the web interface of Cisco TelePresence Conductor, Cisco Expressway Series, and Cisco TelePresence Video Communication Server (VCS) Software could allow an authenticated, remote attacker to trigger an HTTP request from an affected server to an arbitrary host. | 5.0 |
| 2018-10-05 | CVE-2018-15430 | Improper Input Validation vulnerability in Cisco Telepresence Video Communication Server X7.2.4/X8.10.4/X8.9.2 A vulnerability in the administrative web interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to execute code with user-level privileges on the underlying operating system. | 7.2 |
| 2018-08-15 | CVE-2018-0409 | Out-of-bounds Read vulnerability in Cisco products A vulnerability in the XCP Router service of the Cisco Unified Communications Manager IM & Presence Service (CUCM IM&P) and the Cisco TelePresence Video Communication Server (VCS) and Expressway could allow an unauthenticated, remote attacker to cause a temporary service outage for all IM&P users, resulting in a denial of service (DoS) condition. | 7.5 |
| 2018-06-21 | CVE-2018-0358 | Allocation of Resources Without Limits or Throttling vulnerability in Cisco Telepresence Video Communication Server A vulnerability in the file descriptor handling of Cisco TelePresence Video Communication Server (VCS) Expressway could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. | 7.5 |
| 2017-10-19 | CVE-2017-12287 | Improper Input Validation vulnerability in Cisco products A vulnerability in the cluster database (CDB) management component of Cisco Expressway Series Software and Cisco TelePresence Video Communication Server (VCS) Software could allow an authenticated, remote attacker to cause the CDB process on an affected system to restart unexpectedly, resulting in a temporary denial of service (DoS) condition. | 4.3 |
| 2017-08-17 | CVE-2017-6790 | Unspecified vulnerability in Cisco Telepresence Video Communication Server A vulnerability in the Session Initiation Protocol (SIP) on the Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the targeted appliance. | 6.8 |