Vulnerabilities > Cisco > Telepresence Video Communication Server > x12.5.2

DATE CVE VULNERABILITY TITLE RISK
2020-11-18 CVE-2020-3482 Improper Privilege Management vulnerability in Cisco products
A vulnerability in the Traversal Using Relays around NAT (TURN) server component of Cisco Expressway software could allow an unauthenticated, remote attacker to bypass security controls and send network traffic to restricted destinations.
network
low complexity
cisco CWE-269
6.5
6.5
2020-10-08 CVE-2020-3596 Always-Incorrect Control Flow Implementation vulnerability in Cisco products
A vulnerability in the Session Initiation Protocol (SIP) of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
network
low complexity
cisco CWE-670
7.5
7.5
2019-10-16 CVE-2019-12705 Cross-site Scripting vulnerability in Cisco Telepresence Video Communication Server
A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system.
network
low complexity
cisco CWE-79
6.1
6.1
2019-06-05 CVE-2019-1845 Improper Input Validation vulnerability in Cisco products
A vulnerability in the authentication service of the Cisco Unified Communications Manager IM and Presence (Unified CM IM&P) Service, Cisco TelePresence Video Communication Server (VCS), and Cisco Expressway Series could allow an unauthenticated, remote attacker to cause a service outage for users attempting to authenticate, resulting in a denial of service (DoS) condition.
network
low complexity
cisco CWE-20
8.6
8.6