14 matches found
CVE-2023-44487
CVE-2023-44487 – HTTP/2 Rapid Reset DoS Root cause: HTTP/2 stream resets can cause servers to continue processing, leading to unbounded resource consumption and potential DoS when clients rapidly cancel streams. What’s affected: Various HTTP/2 implementations and deployments, including servers, p...
CVE-2022-20812
CVE-2022-20812 affects Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS). It enables an authenticated remote attacker with Administrator read-write privileges to trigger path traversal and overwrite arbitrary files via the cluster database API due to insufficient inp...
CVE-2022-20813
CVE-2022-20813 affects Cisco Expressway Series (Expressway-C/Expressway-E) and Cisco TelePresence Video Communication Server (VCS). The flaw is a null byte poisoning vulnerability arising from improper certificate validation, enabling a remote attacker to mount a Man‑in‑the‑Middle and gain unauth...
CVE-2018-5390
CVE-2018-5390 (SegmentSmack) affects Linux kernels 4.9+ where specially crafted TCP packets can trigger expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue(), potentially exhausting CPU and causing DoS. The Citrix advisory corroborates that TCP reassembly issues can lead to CPU sa...
CVE-2024-20255
CVE-2024-20255 affects Cisco Expressway Series and Cisco TelePresence Video Communication Server via the SOAP API on the web-based management interface. Insufficient CSRF protections permit an unauthenticated, remote attacker to induce a user to follow a crafted link, causing the device to reload...
CVE-2021-34716
Cisco Expressway Series and TelePresence Video Communication Server (VCS) are affected by a web-based management interface vulnerability that lets an authenticated admin upload crafted software images to execute arbitrary code on the underlying OS as root. Root-level RCE stems from improper handl...
CVE-2020-3596
Cisco Expressway Series and TelePresence Video Communication Server (VCS) are affected by a DoS vulnerability in the SIP handling mechanism. An unauthenticated, remote attacker can cause memory exhaustion by sending a sequence of SIP packets to the device, potentially crashing it. The issue is du...
CVE-2024-20252
CVE-2024-20252 affects Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS). An unauthenticated, network-based attacker can exploit cross-site request forgery (CSRF) in the web-based management interface to perform arbitrary actions on an affected device. The issue requ...
CVE-2024-20254
Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) are affected by CSRF vulnerabilities that allow an unauthenticated, remote attacker to perform arbitrary actions on the device. The issues arise from insufficient CSRF protections in the web-based management interface...
CVE-2021-34715
CVE-2021-34715 affects Cisco Expressway Series and TelePresence Video Communication Server (VCS) image verification. The issue arises from insufficient validation of upgrade package contents, enabling an authenticated, remote attacker to upload a malicious archive via the Upgrade page and execute...
CVE-2020-3482
CVE-2020-3482 affects Cisco Expressway’s TURN server component. The issue arises from improper validation of specific connection information, allowing an unauthenticated, remote attacker to bypass security controls and send traffic to destinations beyond the application. Impact could be unauthori...
CVE-2017-3790
CVE-2017-3790 affects Cisco Expressway Series and Cisco TelePresence VCS Software prior to 8.8.2. The flaw arises from insufficient size validation in the received-packet parser, allowing an unauthenticated remote attacker to send crafted H.224 data in RTP within an H.323 call to overflow a cache...
CVE-2017-12287
CVE-2017-12287 affects Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) Software. The issue stems from incomplete input validation of URL requests in the REST API of the CDB management component, allowing an authenticated, remote attacker to send a crafted URL that ...
CVE-2016-9207
The CVE-2016-9207 issue affects Cisco Expressway Series Software and Cisco TelePresence Video Communication Server (VCS) in the HTTP traffic server component. The root cause is insufficient access control for TCP traffic passing through the Expressway, enabling an unauthenticated, remote attacker...