Vulnerabilities > Cisco > Telepresence Video Communication Server > x8.2.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-05 | CVE-2019-1845 | Improper Input Validation vulnerability in Cisco products A vulnerability in the authentication service of the Cisco Unified Communications Manager IM and Presence (Unified CM IM&P) Service, Cisco TelePresence Video Communication Server (VCS), and Cisco Expressway Series could allow an unauthenticated, remote attacker to cause a service outage for users attempting to authenticate, resulting in a denial of service (DoS) condition. | 5.0 |
| 2019-04-18 | CVE-2019-1722 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco products A vulnerability in the FindMe feature of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. | 4.3 |
| 2019-04-18 | CVE-2019-1721 | Resource Management Errors vulnerability in Cisco Telepresence Video Communication Server A vulnerability in the phone book feature of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to cause the CPU to increase to 100% utilization, causing a denial of service (DoS) condition on an affected system. | 6.8 |
| 2019-04-18 | CVE-2019-1720 | Improper Input Validation vulnerability in Cisco Telepresence Video Communication Server A vulnerability in the XML API of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to cause the CPU to increase to 100% utilization, causing a denial of service (DoS) condition on an affected system. | 6.8 |
| 2019-02-07 | CVE-2019-1679 | Server-Side Request Forgery (SSRF) vulnerability in Cisco Telepresence Video Communication Server A vulnerability in the web interface of Cisco TelePresence Conductor, Cisco Expressway Series, and Cisco TelePresence Video Communication Server (VCS) Software could allow an authenticated, remote attacker to trigger an HTTP request from an affected server to an arbitrary host. | 5.0 |
| 2016-07-07 | CVE-2016-1444 | Improper Input Validation vulnerability in Cisco products The Mobile and Remote Access (MRA) component in Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7 and Expressway X8.1 through X8.6 mishandles certificates, which allows remote attackers to bypass authentication via an arbitrary trusted certificate, aka Bug ID CSCuz64601. | 5.8 |
| 2016-05-25 | CVE-2016-1400 | Improper Input Validation vulnerability in Cisco Telepresence Video Communication Server Cisco TelePresence Video Communications Server (VCS) X8.x before X8.7.2 allows remote attackers to cause a denial of service (service disruption) via a crafted URI in a SIP header, aka Bug ID CSCuy43258. | 5.0 |