Vulnerabilities > Cisco > Telepresence Video Communication Server > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-02 | CVE-2024-20492 | Command Injection vulnerability in Cisco Telepresence Video Communication Server A vulnerability in the restricted shell of Cisco Expressway Series could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. | 6.7 |
| 2023-06-28 | CVE-2023-20105 | Unspecified vulnerability in Cisco Telepresence Video Communication Server A vulnerability in the change password functionality of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with Read-only credentials to elevate privileges to Administrator on an affected system. This vulnerability is due to incorrect handling of password change requests. | 6.5 |
| 2022-07-06 | CVE-2022-20812 | Path Traversal vulnerability in Cisco Telepresence Video Communication Server Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device. | 6.5 |
| 2022-07-06 | CVE-2022-20813 | Improper Certificate Validation vulnerability in Cisco Telepresence Video Communication Server Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device. | 5.9 |
| 2022-05-27 | CVE-2022-20807 | Information Exposure Through Log Files vulnerability in Cisco Telepresence Video Communication Server Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. | 6.5 |
| 2022-05-26 | CVE-2022-20809 | Information Exposure Through Log Files vulnerability in Cisco Telepresence Video Communication Server Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. | 6.5 |
| 2020-11-18 | CVE-2020-3482 | Improper Privilege Management vulnerability in Cisco products A vulnerability in the Traversal Using Relays around NAT (TURN) server component of Cisco Expressway software could allow an unauthenticated, remote attacker to bypass security controls and send network traffic to restricted destinations. | 6.5 |
| 2019-10-16 | CVE-2019-12705 | Cross-site Scripting vulnerability in Cisco Telepresence Video Communication Server A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. | 6.1 |
| 2019-06-05 | CVE-2019-1872 | Server-Side Request Forgery (SSRF) vulnerability in Cisco Telepresence Video Communication Server A vulnerability in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway Series software could allow an unauthenticated, remote attacker to cause an affected system to send arbitrary network requests. | 5.3 |
| 2019-05-03 | CVE-2019-1854 | Path Traversal vulnerability in Cisco Telepresence Video Communication Server X8.11.4 A vulnerability in the management web interface of Cisco Expressway Series could allow an authenticated, remote attacker to perform a directory traversal attack against an affected device. | 4.3 |