CVE-2016-1468

The administrative web interface in Cisco TelePresence Video Communication Server Expressway X8.5.2 allows remote authenticated users to execute arbitrary commands via crafted fields, aka Bug ID CSCuv12531...

Design/Logic Flaw

The administrative web interface in Cisco TelePresence Video Communication Server Expressway X8.5.2 allows remote authenticated users to execute arbitrary commands via crafted fields, aka Bug ID CSCuv12531...

CVE-2016-1338

Cisco TelePresence VCS (X8.5.1 and X8.5.2) is affected by a SIP message handling vulnerability that lets remote authenticated attackers cause a DoS (VoIP outage) via a crafted SIP message (Bug CSCuu43026). The root cause is incorrect SIP message processing. Impact is denial of service to VoIP cal...

Cisco TelePresence Video Communication Server Expressway File Modification Vulnerability (cisco-sa-20151007-vcs)

A vulnerability in the symbolic link operation of the Cisco TelePresence Video Communication Server VCS Expressway could allow an authenticated, local attacker to perform a symbolic link attack on the affected system. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be...

CVE-2015-6318

Cisco TelePresence VCS Expressway X8.5.1/X8.5.2 is affected by a local, authenticated symbolic-link attack in the file handling of the request-xconfdump path, enabling write access to arbitrary linked files due to insufficient protection. Exploitation can allow insertion of arbitrary content into...

CVE-2015-4325

CVE-2015-4325 affects Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2. The issue is in the process-management code: terminating a firestarter.py supervised process and triggering a restart via the root account allows local attackers to gain elevated privileges. The Cisco adv...

Cisco TelePresence Video Communication Server Expressway File Modification Vulnerability

Cisco TelePresence is a Cisco TelePresence solution. A security vulnerability exists in the symbolic link operation of Cisco TelePresence Video Communication Server VCS X8.5.2. A local attacker could exploit this vulnerability to perform a symbolic link attack on an affected system...

Cisco TelePresence Video Communication Server Expressway 信息泄露漏洞

Cisco TelePresence Video Communication Server（VCS）Expressway是美国思科（Cisco）公司的一款网真视频通信服务器，它能够与统一通信和语音通信环境集成，从而为使用各种通信工具的最终用户提供最佳体验。Cisco TelePresence VCS Expressway X8.5.2版本中存在安全漏洞。远程攻击者可借助Mobile and Remote AccessMRA角色并创建TFTP会话，利用该漏洞绕过既定的访问限制，读取配置文件。...

CVE-2015-4303

Cisco TelePresence Video Communication Server VCS X8.5.2 allows remote authenticated users to execute arbitrary commands in the context of the nobody user account via an unspecified web-page parameter, aka Bug ID CSCuv12333...

CVE-2015-4329

The Cisco TelePresence Video Communication Server (Expressway) admin web interface (VCS X8.5.2) is affected by CVE-2015-4329 due to insufficient input validation. An authenticated, remote attacker can craft HTTP requests to execute arbitrary OS commands on the underlying device, with potential pr...

Authentication flaw

Cisco TelePresence Video Communication Server VCS Expressway X8.5.2 allows remote attackers to cause a denial of service via invalid variables in an authentication packet, aka Bug ID CSCuv40469...

Code injection

The CLI in Cisco TelePresence Video Communication Server VCS Expressway X8.5.2 allows local users to obtain root privileges by writing script arguments to an unspecified file, aka Bug ID CSCuv12542...

CVE-2015-4320

The CVE-2015-4320 entry affects Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2, specifically the Configuration Log File component. Root cause: sensitive information is written into certain log files, enabling an authenticated, remote attacker to read logs and obtain sensiti...

CVE-2015-4327

The CVE-2015-4327 issue affects Cisco TelePresence Video Communication Server Expressway X8.5.2 CLI. The root cause is insufficient input validation when writing script arguments to a local file, enabling an authenticated, local attacker to gain root privileges by injecting/overwriting script par...

CVE-2015-4317

Cisco TelePresence Video Communication Server Expressway X8.5.2 is affected by CVE-2015-4317, a denial-of-service vulnerability caused by improper handling of malformed authentication messages. An unauthenticated, remote attacker can send a crafted authentication packet with invalid variables to ...