Vulnerabilities > Cisco > Telepresence Video Communication Server > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-05 | CVE-2019-1845 | Improper Input Validation vulnerability in Cisco products A vulnerability in the authentication service of the Cisco Unified Communications Manager IM and Presence (Unified CM IM&P) Service, Cisco TelePresence Video Communication Server (VCS), and Cisco Expressway Series could allow an unauthenticated, remote attacker to cause a service outage for users attempting to authenticate, resulting in a denial of service (DoS) condition. | 8.6 |
| 2018-10-05 | CVE-2018-15430 | Improper Input Validation vulnerability in Cisco Telepresence Video Communication Server X7.2.4/X8.10.4/X8.9.2 A vulnerability in the administrative web interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to execute code with user-level privileges on the underlying operating system. | 7.2 |
| 2018-08-15 | CVE-2018-0409 | Out-of-bounds Read vulnerability in Cisco products A vulnerability in the XCP Router service of the Cisco Unified Communications Manager IM & Presence Service (CUCM IM&P) and the Cisco TelePresence Video Communication Server (VCS) and Expressway could allow an unauthenticated, remote attacker to cause a temporary service outage for all IM&P users, resulting in a denial of service (DoS) condition. | 7.5 |
| 2018-06-21 | CVE-2018-0358 | Allocation of Resources Without Limits or Throttling vulnerability in Cisco Telepresence Video Communication Server A vulnerability in the file descriptor handling of Cisco TelePresence Video Communication Server (VCS) Expressway could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. | 7.5 |
| 2017-02-01 | CVE-2017-3790 | Improper Input Validation vulnerability in Cisco products A vulnerability in the received packet parser of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) software could allow an unauthenticated, remote attacker to cause a reload of the affected system, resulting in a denial of service (DoS) condition. | 8.6 |
| 2016-08-08 | CVE-2016-1468 | OS Command Injection vulnerability in Cisco Telepresence Video Communication Server X8.5.2 The administrative web interface in Cisco TelePresence Video Communication Server Expressway X8.5.2 allows remote authenticated users to execute arbitrary commands via crafted fields, aka Bug ID CSCuv12531. | 8.8 |
| 2016-05-25 | CVE-2016-1400 | Improper Input Validation vulnerability in Cisco Telepresence Video Communication Server Cisco TelePresence Video Communications Server (VCS) X8.x before X8.7.2 allows remote attackers to cause a denial of service (service disruption) via a crafted URI in a SIP header, aka Bug ID CSCuy43258. | 7.5 |