Lucene search
K

526 matches found

NVD
NVD
added 2024/11/15 4:15 p.m.35 views

CVE-2022-20814

A vulnerability in the certificate validation of Cisco Expressway-C and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability is due to a lack of validation of the SSL server certificate that an affected device...

7.4CVSS0.00897EPSS
Exploits0References4
OSV
OSV
added 2024/11/15 4:15 p.m.8 views

CVE-2022-20814

A vulnerability in the certificate validation of Cisco Expressway-C and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability is due to a lack of validation of the SSL server certificate that an affected device...

7.4CVSS5.8AI score0.00897EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/11/15 3:32 p.m.36 views

CVE-2022-20814 Cisco Expressway Series and Cisco TelePresence VCS Improper Certificate Validation Vulnerability

A vulnerability in the certificate validation of Cisco Expressway-C and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability is due to a lack of validation of the SSL server certificate that an affected device...

7.4CVSS0.00897EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/11/15 3:32 p.m.14 views

CVE-2022-20814 Cisco Expressway Series and Cisco TelePresence VCS Improper Certificate Validation Vulnerability

A vulnerability in the certificate validation of Cisco Expressway-C and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability is due to a lack of validation of the SSL server certificate that an affected device...

7.4CVSS7.2AI score0.00897EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/11/15 3:27 p.m.15 views

CVE-2022-20853 Cisco Expressway Series and Cisco TelePresence VCS Cross-Site Request Forgery Vulnerability

A vulnerability in the REST API of Cisco Expressway Series and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management...

7.4CVSS0.00615EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/11/15 3:27 p.m.16 views

CVE-2022-20853 Cisco Expressway Series and Cisco TelePresence VCS Cross-Site Request Forgery Vulnerability

A vulnerability in the REST API of Cisco Expressway Series and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management...

7.4CVSS7.4AI score0.00615EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/11/15 12:0 a.m.5 views

Cisco Expressway Series和Cisco TelePresence Video Communication Server 跨站请求伪造漏洞

Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS are both products of Cisco, Inc.Cisco Expressway Series is software for accessing devices outside the firewall. The software provides simple, highly secure access for users outside the firewall, helping telecommuters wo...

7.4CVSS6.5AI score0.00615EPSS
Exploits0References4
CNVD
CNVD
added 2024/10/17 12:0 a.m.9 views

Cisco Expressway Series Command Injection Vulnerability

Cisco Expressway Series is a software from Cisco USA for accessing devices outside the firewall. The software provides simple, highly secure access for users outside the firewall, helping telecommuters work more efficiently on the devices of their choice. A command injection vulnerability exists ...

6.7CVSS7.1AI score0.00551EPSS
Exploits0References1
OSV
OSV
added 2024/10/02 5:15 p.m.4 views

CVE-2024-20492

A vulnerability in the restricted shell of Cisco Expressway Series could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have Administrator-level...

6.7CVSS5.8AI score0.00551EPSS
Exploits0References1
NVD
NVD
added 2024/10/02 5:15 p.m.24 views

CVE-2024-20492

A vulnerability in the restricted shell of Cisco Expressway Series could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have Administrator-level...

6.7CVSS0.00551EPSS
Exploits0References1
CVE
CVE
added 2024/10/02 4:55 p.m.58 views

CVE-2024-20492

Cisco Expressway Series contains a local privilege-escalation vulnerability (CVE-2024-20492) in the restricted shell. An authenticated administrator with read-write access can submit crafted CLI commands to escape the restricted shell and gain root on the underlying OS due to insufficient input v...

6.7CVSS6.4AI score0.00551EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/10/02 4:55 p.m.24 views

CVE-2024-20492 Cisco Expressway Series Privilege Escalation Vulnerability

A vulnerability in the restricted shell of Cisco Expressway Series could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have Administrator-level...

6CVSS7.3AI score0.00551EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/10/02 4:55 p.m.21 views

CVE-2024-20492 Cisco Expressway Series Privilege Escalation Vulnerability

A vulnerability in the restricted shell of Cisco Expressway Series could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have Administrator-level...

6CVSS0.00551EPSS
Exploits0References1
Cisco
Cisco
added 2024/10/02 4:0 p.m.37 views

Cisco Expressway Series Privilege Escalation Vulnerability

A vulnerability in the restricted shell of Cisco Expressway Series could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have Administrator-level...

6CVSS6.5AI score0.00551EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/10/02 12:0 a.m.6 views

Cisco Expressway Series 安全漏洞

Cisco Expressway Series is a software from Cisco USA for accessing devices outside the firewall. The software provides simple, highly secure access for users outside the firewall, helping telecommuters work more efficiently on the devices of their choice. A command injection vulnerability exists ...

6.7CVSS7.2AI score0.00551EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/10/02 12:0 a.m.8 views

PT-2024-8632 · Cisco · Cisco Expressway Series

Name of the Vulnerable Software and Affected Versions: Cisco Expressway Series affected versions not specified Description: A vulnerability in the restricted shell of Cisco Expressway Series could allow an authenticated, local attacker to perform command injection attacks on the underlying...

6.8CVSS7.3AI score0.00551EPSS
Exploits0References11
BDU FSTEC
BDU FSTEC
added 2024/10/02 12:0 a.m.6 views

The vulnerability of the Expressway-E server allows attackers to impersonate other users within the compromised system, using devices that are part of the Cisco Expressway Series and Cisco Telepresence VCS family.

The vulnerability of the Expressway-E server in Cisco Expressway Series and Cisco Telepresence VCS conference communication devices is related to improper authentication. Exploiting this vulnerability allows a malicious actor to impersonate another user within the compromised system...

4.3CVSS5.5AI score0.00322EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2024/09/24 12:0 a.m.7 views

Cisco Expressway Edge Authorization Issues Vulnerability

Cisco Expressway Edge Cisco Expressway-E is a secure access application from Cisco USA. Cisco Expressway Edge suffers from an authorization issue vulnerability that stems from insufficient authorization checks for mobile and remote access users, which can be exploited by an authenticated remote...

4.3CVSS6.7AI score0.00322EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/09/11 12:0 a.m.24 views

Cisco Expressway Edge Improper Authorization (cisco-sa-expressway-auth-kdFrcZ2j)

According to its self-reported version, Cisco Expressway Edge Improper Authorization is affected by a vulnerability. - A vulnerability in Cisco Expressway Edge Expressway-E could allow an authenticated, remote attacker to masquerade as another user on an affected system. This vulnerability is due...

4.3CVSS5.8AI score0.00322EPSS
Exploits0References3
OSV
OSV
added 2024/09/04 5:15 p.m.3 views

CVE-2024-20497

A vulnerability in Cisco Expressway Edge Expressway-E could allow an authenticated, remote attacker to masquerade as another user on an affected system. This vulnerability is due to inadequate authorization checks for Mobile and Remote Access MRA users. An attacker could exploit this vulnerabilit...

4.3CVSS5.8AI score0.00322EPSS
Exploits0References1
Rows per page
Query Builder