Cisco TelePresence Conductor REST API Server-Side Request Forgery Vulnerability

According to its self-reported version number, remote Cisco TelePresence Conductor device is affected by a server-side request forgery vulnerability which could allow an authenticated, remote attacker to trigger an HTTP request from an affected server to an arbitrary host. Note that an attacker...

The vulnerability in the web interface of software for Cisco TelePresence Conductor, Cisco Expressway Series, and Cisco TelePresence Video Communication Server allows a perpetrator to compromise the integrity of protected information.

The vulnerability of the software web interface of Cisco TelePresence Conductor, Cisco Expressway Series, and Cisco TelePresence Video Communication Server lies in insufficiently checking incoming requests. Exploiting this vulnerability allows a malicious actor to compromise the integrity of...

PT-2019-1382 · Cisco · Cisco Telepresence Video Communication Server +2

Name of the Vulnerable Software and Affected Versions: Cisco TelePresence Conductor versions prior to XC4.3.4 Cisco Expressway Series versions prior to XC4.3.4 Cisco TelePresence Video Communication Server versions prior to XC4.3.4 Description: The issue is related to insufficient access controls...

The vulnerability of the microprogramming software of the Cisco TelePresence Conductor conference call control device allows a intruder to gain access to the device.

The vulnerability of the control interface for microprogramming-based conference communication devices like Cisco TelePresence Conductor is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow a malicious actor to gain access to the device using a...

Cisco TelePresence Conductor Login Security Bypass Vulnerability

According to its self-reported version number, the Cisco TelePresence Conductor on the remote host contains an vulnerability due to inadequate validation of parameters passed during the login process. A remote attacker, using a crafted request and knowledge of a valid user name, can bypass...

Cisco TelePresence Conductor SDP Media Description Vulnerability

According to its self-reported version number, the Cisco TelePresence Conductor on the remote host contains an vulnerability related to the Session Description Protocol SDP packet handler function. A remote, unauthenticated attacker, using a crafted SDP packet to trigger a reload, can exploit thi...

CVE-2015-0652

CVE-2015-0652 affects Cisco TelePresence VCS, Cisco Expressway (before X8.2) and Cisco TelePresence Conductor (before XC2.4). The SDP packet handler vulnerability allows a remote, unauthenticated attacker to cause a denial of service (mishandled exception and device reload) via a crafted SDP medi...

Cisco TelePresence Conductor GNU glibc gethostbyname Function Buffer Overflow Vulnerability (GHOST)

According to its self-reported version number, the Cisco TelePresence Conductor remote device is affected by a heap-based buffer overflow vulnerability in the GNU C Library glibc due to improperly validating user-supplied input to the nsshostnamedigitsdots, gethostbyname, and gethostbyname2...

Cisco TelePresence Conductor Bash Remote Code Execution (Shellshock)

According to its self-reported version number, remote Cisco TelePresence Conductor device is affected by a command injection vulnerability in GNU Bash known as Shellshock. The vulnerability is due to the processing of trailing strings after function definitions in the values of environment...

Cisco TelePresence Conductor Default Credentials (Web UI)

It is possible to log into the remote Cisco TelePresence Conductor installation by providing the default credentials. A remote, unauthenticated attacker can exploit this to gain administrative control. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...