Cisco Expressway Series和Cisco TelePresence Video Communication Server 跨站请求伪造漏洞

Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS are both products of Cisco, Inc.Cisco Expressway Series is software for accessing devices outside the firewall. The software provides simple, highly secure access for users outside the firewall, helping telecommuters wo...

The vulnerability of the application software interface of Cisco Expressway Series and Cisco Telepresence VCS devices allows a perpetrator to execute arbitrary commands.

The vulnerability of the application software interface of Cisco Expressway Series and Cisco Telepresence VCS devices is related to the manipulation of inter-domain requests. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands by redirecting the user’s attention...

PT-2024-1685 · Cisco · Cisco Expressway Series +1

Name of the Vulnerable Software and Affected Versions: Cisco Expressway Series and Cisco TelePresence Video Communication Server affected versions not specified Description: A vulnerability in the SOAP API could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSR...

CVE-2022-20813

Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device. Note: Cisco...

The vulnerability of the XML API software interface of the Cisco TelePresence Video Communication Server and the Cisco Expressway gateway software allows a perpetrator to induce a service failure.

The vulnerability of the XML API software interface of Cisco TelePresence Video Communication Server and the Cisco Expressway gateway software exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...

PT-2019-1382 · Cisco · Cisco Telepresence Video Communication Server +2

Name of the Vulnerable Software and Affected Versions: Cisco TelePresence Conductor versions prior to XC4.3.4 Cisco Expressway Series versions prior to XC4.3.4 Cisco TelePresence Video Communication Server versions prior to XC4.3.4 Description: The issue is related to insufficient access controls...

The vulnerability of the XCP Router service in Cisco Unified Communications Manager IM and Presence Service, as well as the Cisco TelePresence Video Communication Server, allows a perpetrator to induce a service failure.

The vulnerability of the XCP Router service in Cisco Unified Communications Manager IM and Presence Service, as well as the Cisco TelePresence Video Communication Server, stems from insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service failure...

CVE-2018-0326

A vulnerability in the web UI of Cisco TelePresence Server Software could allow an unauthenticated, remote attacker to conduct a cross-frame scripting XFS attack against a user of the web UI of the affected software. The vulnerability is due to insufficient protections for HTML inline frames...

CVE-2018-0326

A vulnerability in the web UI of Cisco TelePresence Server Software could allow an unauthenticated, remote attacker to conduct a cross-frame scripting XFS attack against a user of the web UI of the affected software. The vulnerability is due to insufficient protections for HTML inline frames...

Cisco TelePresence Server Crafted IPv6 Packet Handling DoS (cisco-sa-20160406-cts)

According to its self-reported version, the Cisco TelePresence Server running on the remote host is affected by a denial of service vulnerability due to improper handling of a specially crafted stream of IPv6 packets. An unauthenticated, remote attacker can exploit this, via a specially crafted...

Code injection

The kernel in Cisco TelePresence Server 3.0 through 4.24.18 on Mobility Services Engine MSE 8710 devices allows remote attackers to cause a denial of service panic and reboot via a crafted sequence of IPv6 packets, aka Bug ID CSCuu46673...

Code injection

Cisco TelePresence Server 4.12.29 through 4.24.17 on 7010; Mobility Services Engine MSE 8710; Multiparty Media 310, 320, and 820; and Virtual Machine VM devices allows remote attackers to cause a denial of service memory consumption or device reload via crafted HTTP requests that are not followed...

Code injection

Cisco TelePresence Server 3.1 on 7010, Mobility Services Engine MSE 8710, Multiparty Media 310 and 320, and Virtual Machine VM devices allows remote attackers to cause a denial of service device reload via malformed STUN packets, aka Bug ID CSCuv01348...

CVE-2015-6312

Cisco TelePresence Server 3.1 on 7010, Mobility Services Engine MSE 8710, Multiparty Media 310 and 320, and Virtual Machine VM devices allows remote attackers to cause a denial of service device reload via malformed STUN packets, aka Bug ID CSCuv01348...

CVE-2015-6313

Cisco TelePresence Server devices running 4.1(2.29)–4.2(4.17) on 7010, MSE 8710, Multiparty Media 310/320/820, and VM devices are affected by CVE-2015-6313 due to a denial-of-service in the HTTP parsing engine when processing crafted URLs. An unauthenticated remote attacker can cause memory exhau...

Cisco TelePresence Server Malformed STUN Packet Processing Denial of Service Vulnerability

A vulnerability in Cisco TelePresence Server devices running software version 3.1 could allow an unauthenticated, remote attacker to reload the device. The vulnerability exists due to a failure to properly process malformed Session Traversal Utilities for NAT STUN packets. An attacker could explo...

Cisco TelePresence Server Crafted URL Handling Denial of Service Vulnerability

A vulnerability in Cisco TelePresence Server devices running software versions 4.12.29 through 4.24.17 could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability exists due to a failure of the HTTP parsing engine to handle specially crafted URLs. An attacker...

The vulnerability of the microprogramming software of the Cisco TelePresence Video Communication Server allows a intruder to enhance their privileges.

The vulnerability of the process-management microprogramming system used in Cisco TelePresence Video Communication Servers is related to deficiencies in access control for certain functions. Exploiting this vulnerability could allow an intruder, operating locally, to enhance their privileges by...

Cisco TelePresence Server Cross-Site Request Forgery Vulnerability

A vulnerability in the web interface of Cisco TelePresence Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack against the user of the web interface. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this...

Cisco TelePresence Server Denial of Service Vulnerability (cisco-sa-20150916-tps)

Cisco TelePresence Server contains a buffer overflow vulnerability in the Conference Control Protocol API that could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a...