217 matches found
Cisco TelePresence VCS and Conductor SDP Message Denial of Service Vulnerability
Cisco TelePresence is a telepresence conferencing solution developed by Cisco. Cisco Expressway is a video conferencing application. A security vulnerability in Cisco TelePresence VCS and Conductor SDP message handling allows attackers to submit special IPv4 or IPv6...
Multiple Vulnerabilities in Cisco TelePresence Video Communication Server, Cisco Expressway, and Cisco TelePresence Conductor
Cisco TelePresence Video Communication Server (VCS), Cisco Expressway and Cisco TelePresence Conductor contain the following vulnerabilities: SDP Media Description Denial of Service Vulnerability; Authentication Bypass Vulnerability. Successful exploitation of the SDP Media Description Denial of...
Cisco TelePresence Conductor GNU glibc gethostbyname Function Buffer Overflow Vulnerability (GHOST)
According to its self-reported version number, the Cisco TelePresence Conductor remote device is affected by a heap-based buffer overflow vulnerability in the GNU C Library (glibc) due to improperly validating user-supplied input to the __nss_hostname_digits_dots, gethostbyname, and gethostbyname2...
Cisco TelePresence Conductor Detection
Binary data ciscotelepresenceconductordetect.nbin...
Cisco TelePresence Conductor WebUI Detection
Binary data ciscotelepresenceconductorwebuidetect.nbin...
Cisco TelePresence Conductor Default Credentials (Web UI)
It is possible to log into the remote Cisco TelePresence Conductor installation by providing the default credentials. A remote, unauthenticated attacker can exploit this to gain administrative control.
Cisco TelePresence Conductor Bash Remote Code Execution (Shellshock)
According to its self-reported version number, the remote Cisco TelePresence Conductor device is affected by a command injection vulnerability in GNU Bash known as Shellshock. The vulnerability is due to the processing of trailing strings after function definitions in the values of environment...
CVE-2012-6118
The Administer tab in Aeolus Conductor allows remote authenticated users to bypass intended quota restrictions by updating the Maximum Running Instances quota user setting...
Design/Logic Flaw
The Administer tab in Aeolus Conductor allows remote authenticated users to bypass intended quota restrictions by updating the Maximum Running Instances quota user setting...
CVE-2012-6118
The CVE-2012-6118 issue affects Aeolus Conductor’s web-based management console, where an unprivileged (authenticated) user could bypass quota restrictions by modifying the Maximum Running Instances quota setting. Connected sources corroborate an authorization-bypass style flaw tied to Conductor ...
Conductor: Unprivileged user can change their own Maximum Running Instances quota
The Administer tab in Aeolus Conductor allows remote authenticated users to bypass intended quota restrictions by updating the Maximum Running Instances quota user setting...
Cisco TelePresence Video Communication Server Policy Services Security Bypass Vulnerability
Cisco TelePresence Video Communication Server (VCS) contains a vulnerability that could allow an unauthenticated, remote attacker to bypass security restrictions on a targeted system. The vulnerability is due to improper processing of certain search rules processed by the affected software. An...
Design/Logic Flaw
Cisco TelePresence Video Communication Server (VCS) X7.0.3 does not properly process certain search rules, which allows remote attackers to create conferences via an unspecified Conductor request, aka Bug ID CSCub67989...
CVE-2012-5444
Cisco TelePresence Video Communication Server (VCS) X7.0.3 contains a vulnerability where improper processing of certain search rules can be exploited by an unauthenticated, remote attacker to bypass security restrictions and create conferences via an unspecified Conductor request. The Cisco advi...
Denial of Service (DoS) Vulnerability in JP1/ServerConductor/Control Manager
Overview: A built-in database in JP1/ServerConductor/Control Manager contains a vulnerability that could cause a denial of service (DoS) condition due to the abnormal ending of the database process when receiving unexpected data. After the process abends, the service can be restarted by rebooting th...
Forced Shutdown or Restart with JP1/ServerConductor/Deployment Manager
Overview: JP1/ServerConductor/Deployment Manager's Client Service for DPM has a vulnerability which could cause a shutdown or restart of the client computer when receiving ill-formed data. Impact: A remote attacker could shut down or restart the target system. Solution: Please refer to the 'Vendor...