Lucene search
K

142 matches found

The Hacker News
The Hacker News
added 2023/06/08 5:18 a.m.6 views

Urgent Security Updates: Cisco and VMware Address Critical Vulnerabilities

VMware has released security updates to fix a trio of flaws in Aria Operations for Networks that could result in information disclosure and remote code execution. The most critical of the three vulnerabilities is a command injection vulnerability tracked as CVE-2023-20887 CVSS score: 9.8 that cou...

9.8CVSS8.8AI score0.98281EPSS
Exploits12
CNNVD
CNNVD
added 2023/06/08 12:0 a.m.6 views

多款Cisco产品 安全漏洞

Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS are both products of Cisco, Inc.Cisco Expressway Series is software for accessing devices outside the firewall. The software provides simple, highly secure access for users outside the firewall, helping telecommuters wo...

9.6CVSS6.8AI score0.00914EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/06/07 11:0 p.m.6 views

CVE-2023-20192

Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow an authenticated attacker with Administrator-level read-only credentials to elevate their privileges to Administrator with read-write credentials on an affected system. Note: "Cis...

9.6CVSS7.2AI score0.00656EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/06/07 11:0 p.m.9 views

CVE-2023-20105

A vulnerability in the change password functionality of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow an authenticated, remote attacker with Read-only credentials to elevate privileges to Administrator on an affected system. This vulnerability is due to...

9.6CVSS6.9AI score0.00914EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/06/07 12:0 a.m.5 views

PT-2023-3112 · Cisco · Cisco Telepresence Video Communication Server +1

Name of the Vulnerable Software and Affected Versions: Cisco Expressway Series versions affected versions not specified Cisco TelePresence Video Communication Server VCS versions affected versions not specified Description: The issue is related to insufficient role-based access control in the CLI...

9.6CVSS7.3AI score0.00656EPSS
Exploits0References5
CISA
CISA
added 2022/10/06 12:0 a.m.15 views

Cisco Releases Security Updates for Multiple Products

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA...

1.6AI score
Exploits0References3
CNNVD
CNNVD
added 2022/10/05 12:0 a.m.7 views

Cisco Expressway Series和Cisco TelePresence Video Communication Server 信任管理问题漏洞

Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS are both products of Cisco, Inc.Cisco Expressway Series is software for accessing devices outside the firewall. The software provides simple, highly secure access for users outside the firewall, helping telecommuters wo...

7.4CVSS5.3AI score0.00897EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2022/07/08 12:0 a.m.11 views

The vulnerability of Cisco Expressway Series and Cisco Telepresence VCS conference control devices is related to errors in the authentication process, allowing attackers to execute a “man-in-the-middle” attack.

The vulnerability of Cisco Expressway Series and Cisco Telepresence VCS conference control devices is related to errors in the authentication process for certificates. Exploiting this vulnerability could allow a malicious actor to carry out a “man-in-the-middle” attack...

7.4CVSS6.5AI score0.01028EPSS
Exploits0References2Affected Software2
OSV
OSV
added 2022/07/06 9:15 p.m.6 views

CVE-2022-20812

Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device. Note: Cisco...

6.5CVSS6AI score0.01795EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2022/06/14 12:0 a.m.6 views

The vulnerability of the logging component of Cisco Expressway micro-programming software and the Cisco TelePresence Video Communication Server micro-programming software for call management devices allows a perpetrator to disclose protected information.

The vulnerability of the logging component of Cisco Expressway microprogramming software and the Cisco TelePresence Video Communication Server microprogramming software management device relates to the disclosure of information through registration files. Exploiting this vulnerability can allow a...

4.3CVSS6.5AI score0.00887EPSS
Exploits0References2Affected Software2
OSV
OSV
added 2022/05/27 2:15 p.m.4 views

CVE-2022-20807

Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about...

6.5CVSS5.8AI score0.00913EPSS
Exploits0References1
OSV
OSV
added 2022/05/26 2:15 p.m.2 views

CVE-2022-20809

Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about...

6.5CVSS5.8AI score0.00887EPSS
Exploits0References1
CVE
CVE
added 2022/05/26 2:0 p.m.907 views

CVE-2022-20809

Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) have a CVE-2022-20809 vulnerability in their API and web-based management interfaces that could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. The issue...

6.5CVSS5.7AI score0.00887EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/05/18 4:0 p.m.8 views

CVE-2022-20809

Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about...

6.5CVSS6.6AI score0.00887EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/05/18 4:0 p.m.6 views

CVE-2022-20807

Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about...

6.5CVSS6.6AI score0.00913EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/05/18 12:0 a.m.7 views

多款Cisco产品日志信息泄露漏洞

Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS are both products of Cisco, Inc.Cisco Expressway Series is software for accessing devices outside the firewall. The software provides simple, highly secure access for users outside the firewall, helping telecommuters wo...

6.5CVSS6.6AI score0.00887EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2022/03/05 12:0 a.m.13 views

The vulnerability in the web interface for controlling Cisco Expressway Series and Cisco Telepresence VCS devices allows a hacker to execute arbitrary code as a root user.

The vulnerability of the Web interface for controlling Cisco Expressway Series and Cisco Telepresence VCS devices is related to insufficient checking of the command arguments entered by users. Exploiting this vulnerability allows a malicious actor to execute arbitrary code as a root user remotely...

9CVSS6AI score0.03177EPSS
Exploits0References2Affected Software2
ATTACKERKB
ATTACKERKB
added 2022/03/03 12:0 a.m.5 views

CVE-2022-20755

Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow an authenticated, remote attacker with read/write privileges to the application to write files or execute arbitrary code on the...

9CVSS7.6AI score0.03177EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/03/02 12:0 a.m.5 views

PT-2022-1784 · Cisco · Cisco Telepresence Video Communication Server +1

Name of the Vulnerable Software and Affected Versions: Cisco Expressway Series affected versions not specified Cisco TelePresence Video Communication Server VCS affected versions not specified Description: The issue is related to multiple vulnerabilities in the API and web-based management...

9CVSS7.3AI score0.03177EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2022/03/02 12:0 a.m.3 views

PT-2022-1785 · Cisco · Cisco Telepresence Video Communication Server +1

Name of the Vulnerable Software and Affected Versions: Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS affected versions not specified Description: The issue is related to multiple vulnerabilities in the API and web-based management interfaces of the affected devices...

9CVSS7.4AI score0.03177EPSS
Exploits0References11
Rows per page
Query Builder