CVE-2016-1338

Cisco TelePresence VCS (X8.5.1 and X8.5.2) is affected by a SIP message handling vulnerability that lets remote authenticated attackers cause a DoS (VoIP outage) via a crafted SIP message (Bug CSCuu43026). The root cause is incorrect SIP message processing. Impact is denial of service to VoIP cal...

Cisco TelePresence Video Communication Server Cross-Site Request Forgery Vulnerability

Cisco TelePresence Video Communication Server is a telepresence video communication server from Cisco that integrates with Unified Communications and voice communication environments to provide the best possible experience for end users using a variety of communication tools. A cross-site request...

Cisco TelePresence Video Communication Server Cross-Site Request Forgery Vulnerability (cisco-sa-20151120-tvcs)

A vulnerability in Cisco TelePresence Video Communication Server VCS could allow an unauthenticated, remote attacker to execute unwanted actions. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in Cisco TelePresence Video Communication Server VCS X8.5.1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv72412...

CVE-2015-6376

CVE-2015-6376 affects Cisco TelePresence Video Communication Server (VCS) X8.5.1 and is a cross-site request forgery (CSRF/XSRF) vulnerability that could allow an unauthenticated remote attacker to hijack user authentication. The root cause is lack of CSRF protections. Public references indicate ...

CVE-2015-6318

Cisco TelePresence VCS Expressway X8.5.1/X8.5.2 is affected by a local, authenticated symbolic-link attack in the file handling of the request-xconfdump path, enabling write access to arbitrary linked files due to insufficient protection. Exploitation can allow insertion of arbitrary content into...

CVE-2015-4314

The System Snapshot feature in Cisco TelePresence Video Communication Server VCS Expressway X8.5.1 allows remote authenticated users to obtain sensitive password-hash information by reading the snapshot file, aka Bug ID CSCuv40422...

CVE-2015-4314

Cisco TelePresence Video Communication Server Expressway (X8.5.1) is affected by CVE-2015-4314 in the System Snapshot feature. An authenticated, remote attacker can read the snapshot file and obtain password hashes, enabling information disclosure. The vulnerability requires authenticated access;...

CVE-2015-0752

Cisco TelePresence Video Communication Server (VCS) version X8.5.1 is vulnerable to a cross‑site scripting (XSS) flaw in the web interface caused by improper input validation. A remote attacker can supply a crafted URL to inject arbitrary HTML/JavaScript in the user’s browser, potentially leading...