Vulnerabilities > Cisco > Telepresence Video Communication Server
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-08-08 | CVE-2016-1468 | OS Command Injection vulnerability in Cisco Telepresence Video Communication Server X8.5.2 The administrative web interface in Cisco TelePresence Video Communication Server Expressway X8.5.2 allows remote authenticated users to execute arbitrary commands via crafted fields, aka Bug ID CSCuv12531. | 6.5 |
2016-07-07 | CVE-2016-1444 | Improper Input Validation vulnerability in Cisco products The Mobile and Remote Access (MRA) component in Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7 and Expressway X8.1 through X8.6 mishandles certificates, which allows remote attackers to bypass authentication via an arbitrary trusted certificate, aka Bug ID CSCuz64601. | 5.8 |
2016-05-25 | CVE-2016-1400 | Improper Input Validation vulnerability in Cisco Telepresence Video Communication Server Cisco TelePresence Video Communications Server (VCS) X8.x before X8.7.2 allows remote attackers to cause a denial of service (service disruption) via a crafted URI in a SIP header, aka Bug ID CSCuy43258. | 5.0 |
2015-05-29 | CVE-2015-0752 | Cross-site Scripting vulnerability in Cisco Telepresence Video Communication Server X8.5.1 Cross-site scripting (XSS) vulnerability in Cisco TelePresence Video Communication Server (VCS) X8.5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCut27635. | 4.3 |
2015-01-14 | CVE-2015-0579 | Resource Management Errors vulnerability in Cisco Telepresence Video Communication Server Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway allow remote attackers to cause a denial of service (memory and CPU consumption, and partial outage) via crafted SIP packets, aka Bug ID CSCur12473. | 5.0 |
2014-01-23 | CVE-2014-0675 | Credentials Management vulnerability in Cisco Telepresence Video Communication Server The Expressway component in Cisco TelePresence Video Communication Server (VCS) uses the same default X.509 certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate's trust relationship, aka Bug ID CSCue07471. | 6.4 |
2013-01-17 | CVE-2012-5444 | Permissions, Privileges, and Access Controls vulnerability in Cisco Telepresence Video Communication Servers Software X7.0.3 Cisco TelePresence Video Communication Server (VCS) X7.0.3 does not properly process certain search rules, which allows remote attackers to create conferences via an unspecified Conductor request, aka Bug ID CSCub67989. | 5.0 |
2012-03-01 | CVE-2012-0331 | Resource Management Errors vulnerability in Cisco products Cisco TelePresence Video Communication Server with software before X7.0.1 allows remote attackers to cause a denial of service (device crash) via a crafted SIP packet, as demonstrated by a SIP INVITE message from a Tandberg device, aka Bug ID CSCtq73319. | 7.5 |
2012-03-01 | CVE-2012-0330 | Resource Management Errors vulnerability in Cisco products Cisco TelePresence Video Communication Server with software before X7.0.1 allows remote attackers to cause a denial of service (device crash) via a malformed SIP message, aka Bug ID CSCtr20426. | 7.8 |