Cisco Expressway Edge Improper Authorization (cisco-sa-expressway-auth-kdFrcZ2j)

According to its self-reported version, Cisco Expressway Edge Improper Authorization is affected by a vulnerability. - A vulnerability in Cisco Expressway Edge Expressway-E could allow an authenticated, remote attacker to masquerade as another user on an affected system. This vulnerability is due...

CVE-2024-20497

A vulnerability in Cisco Expressway Edge Expressway-E could allow an authenticated, remote attacker to masquerade as another user on an affected system. This vulnerability is due to inadequate authorization checks for Mobile and Remote Access MRA users. An attacker could exploit this vulnerabilit...

CVE-2024-20497 Cisco Expressway Edge Improper Authorization Vulnerability

A vulnerability in Cisco Expressway Edge Expressway-E could allow an authenticated, remote attacker to masquerade as another user on an affected system. This vulnerability is due to inadequate authorization checks for Mobile and Remote Access MRA users. An attacker could exploit this vulnerabilit...

CVE-2024-20497 Cisco Expressway Edge Improper Authorization Vulnerability

A vulnerability in Cisco Expressway Edge Expressway-E could allow an authenticated, remote attacker to masquerade as another user on an affected system. This vulnerability is due to inadequate authorization checks for Mobile and Remote Access MRA users. An attacker could exploit this vulnerabilit...

CVE-2024-20497

Cisco Expressway Edge (Expressway-E) is affected by an improper authorization vulnerability. An authenticated MRA user can masquerade as another user and potentially intercept calls or spoof caller IDs due to inadequate authorization checks for Mobile and Remote Access users. Exploitation require...

Cisco Expressway Edge Improper Authorization Vulnerability

A vulnerability in Cisco Expressway Edge Expressway-E could allow an authenticated, remote attacker to masquerade as another user on an affected system. This vulnerability is due to inadequate authorization checks for Mobile and Remote Access MRA users. An attacker could exploit this vulnerabilit...

mra.com.tw Cross Site Scripting vulnerability OBB-3012860

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Cisco TelePresence VCS / Expressway 8.x < 8.8 Multiple Vulnerabilities (Bar Mitzvah)

According to its self-reported version, the Cisco TelePresence Video Communication Server VCS / Expressway running on the remote host is 8.x prior to 8.8. It is, therefore, affected by multiple vulnerabilities : - A security feature bypass vulnerability exists, known as Bar Mitzvah, due to improp...

CVE-2016-1444

The Mobile and Remote Access MRA component in Cisco TelePresence Video Communication Server VCS X8.1 through X8.7 and Expressway X8.1 through X8.6 mishandles certificates, which allows remote attackers to bypass authentication via an arbitrary trusted certificate, aka Bug ID CSCuz64601...

Authentication flaw

The Mobile and Remote Access MRA component in Cisco TelePresence Video Communication Server VCS X8.1 through X8.7 and Expressway X8.1 through X8.6 mishandles certificates, which allows remote attackers to bypass authentication via an arbitrary trusted certificate, aka Bug ID CSCuz64601...

CVE-2016-1444

CVE-2016-1444 affects the Mobile and Remote Access (MRA) component of Cisco TelePresence VCS X8.1–X8.7 and Expressway X8.1–X8.6. The issue arises from improper certificate handling in MRA, allowing an unauthenticated, remote attacker to bypass authentication by presenting a trusted certificate an...

CVE-2016-1444

The Mobile and Remote Access MRA component in Cisco TelePresence Video Communication Server VCS X8.1 through X8.7 and Expressway X8.1 through X8.6 mishandles certificates, which allows remote attackers to bypass authentication via an arbitrary trusted certificate, aka Bug ID CSCuz64601...

CVE-2015-6410

The Mobile and Remote Access MRA services implementation in Cisco Unified Communications Manager mishandles edge-device identity validation, which allows remote attackers to bypass intended call-reception and call-setup restrictions by spoofing a user, aka Bug ID CSCuu97283...

CVE-2015-6410

Cisco Unified Communications Manager’s Mobile and Remote Access (MRA) services contain an identity-validation flaw that allows remote attackers to spoof a user and bypass call-reception/ call-setup restrictions. Root cause: edge-device identity validation mishandling (Bug CSCuu97283). Affected pr...

Cisco TelePresence Video Communication Server Expressway 信息泄露漏洞

Cisco TelePresence Video Communication Server（VCS）Expressway是美国思科（Cisco）公司的一款网真视频通信服务器，它能够与统一通信和语音通信环境集成，从而为使用各种通信工具的最终用户提供最佳体验。Cisco TelePresence VCS Expressway X8.5.2版本中存在安全漏洞。远程攻击者可借助Mobile and Remote AccessMRA角色并创建TFTP会话，利用该漏洞绕过既定的访问限制，读取配置文件。...

CVE-2015-6261

Cisco TelePresence Video Communication Server VCS Expressway X8.5.2 allows remote authenticated users to bypass intended access restrictions and read configuration files by leveraging the Mobile and Remote Access MRA role and establishing a TFTP session, aka Bug ID CSCuv78531...

Cisco TelePresence Video Communication Server Expressway TFTP Information Disclosure Vulnerability

A vulnerability in TFTP in Cisco TelePresence Video Communication Server VCS Expressway could allow an authenticated, remote attacker to obtain unauthorized access to configuration files from the device by using TFTP. The vulnerability is due to lack of TFTP authentication and control for the...

Input validation

The Mobile and Remote Access MRA endpoint-validation feature in Cisco TelePresence Video Communication Server VCS Expressway X8.5.2 improperly validates the phone line used for registration, which allows remote authenticated users to conduct impersonation attacks via a crafted registration, aka B...

CVE-2015-4316

The Mobile and Remote Access MRA endpoint-validation feature in Cisco TelePresence Video Communication Server VCS Expressway X8.5.2 improperly validates the phone line used for registration, which allows remote authenticated users to conduct impersonation attacks via a crafted registration, aka B...

Cisco TelePresence Video Communication Server Expressway Access Vulnerability

A vulnerability in of the Cisco TelePresence Video Communication Server VCS Expressway could allow an authenticated, remote attacker to falsely register their Mobile and Remote Access MRA endpoint. The vulnerability is due to insufficient validation of the registering phone line. An attacker coul...