Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Cisco Subscribe
Filtered by product Telepresence Video Communication Server Software
Total 29 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-1444 1 Cisco 2 Telepresence Video Communication Server, Telepresence Video Communication Server Software 2020-08-27 5.8 MEDIUM 6.5 MEDIUM
The Mobile and Remote Access (MRA) component in Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7 and Expressway X8.1 through X8.6 mishandles certificates, which allows remote attackers to bypass authentication via an arbitrary trusted certificate, aka Bug ID CSCuz64601.
CVE-2015-0653 1 Cisco 3 Expressway Software, Telepresence Conductor, Telepresence Video Communication Server Software 2019-06-11 10.0 HIGH N/A
The management interface in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway before X7.2.4, X8 before X8.1.2, and X8.2 before X8.2.2 and Cisco TelePresence Conductor before X2.3.1 and XC2.4 before XC2.4.1 allows remote attackers to bypass authentication via crafted login parameters, aka Bug IDs CSCur02680 and CSCur05556.
CVE-2015-4320 1 Cisco 1 Telepresence Video Communication Server Software 2017-09-20 4.0 MEDIUM N/A
The Configuration Log File component in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote authenticated users to obtain sensitive information by reading a log file, aka Bug ID CSCuv12340.
CVE-2015-4303 1 Cisco 1 Telepresence Video Communication Server Software 2017-09-20 6.5 MEDIUM N/A
Cisco TelePresence Video Communication Server (VCS) X8.5.2 allows remote authenticated users to execute arbitrary commands in the context of the nobody user account via an unspecified web-page parameter, aka Bug ID CSCuv12333.
CVE-2015-4314 1 Cisco 1 Telepresence Video Communication Server Software 2017-09-20 4.0 MEDIUM N/A
The System Snapshot feature in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 allows remote authenticated users to obtain sensitive password-hash information by reading the snapshot file, aka Bug ID CSCuv40422.
CVE-2015-4315 1 Cisco 1 Telepresence Video Communication Server Software 2017-09-20 5.5 MEDIUM N/A
The Call Policy Configuration page in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.3 improperly validates external DTDs, which allows remote authenticated users to read arbitrary files or cause a denial of service via a crafted XML document, aka Bug ID CSCuv31853.
CVE-2015-4316 1 Cisco 1 Telepresence Video Communication Server Software 2017-09-20 5.5 MEDIUM N/A
The Mobile and Remote Access (MRA) endpoint-validation feature in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 improperly validates the phone line used for registration, which allows remote authenticated users to conduct impersonation attacks via a crafted registration, aka Bug ID CSCuv40396.
CVE-2015-4317 1 Cisco 1 Telepresence Video Communication Server Software 2017-09-20 5.0 MEDIUM N/A
Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote attackers to cause a denial of service via invalid variables in an authentication packet, aka Bug ID CSCuv40469.
CVE-2015-4318 1 Cisco 1 Telepresence Video Communication Server Software 2017-09-20 5.0 MEDIUM N/A
Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote attackers to cause a denial of service via invalid variables in a GET request, aka Bug ID CSCuv40528.
CVE-2014-0662 1 Cisco 2 Telepresence Video Communication Server Software, Telepresence Video Communication Servers Software 2017-08-28 7.1 HIGH N/A
The SIP module in Cisco TelePresence Video Communication Server (VCS) before 8.1 allows remote attackers to cause a denial of service (process failure) via a crafted SDP message, aka Bug ID CSCue97632.
CVE-2015-6318 1 Cisco 1 Telepresence Video Communication Server Software 2017-01-04 6.9 MEDIUM N/A
Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 and X8.5.2 allows local users to write to arbitrary files via an unspecified symlink attack, aka Bug ID CSCuv11969.
CVE-2015-4330 1 Cisco 1 Telepresence Video Communication Server Software 2017-01-04 6.9 MEDIUM N/A
A local file script in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to gain privileges for OS command execution via invalid parameters, aka Bug ID CSCuv10556.
CVE-2015-4329 1 Cisco 1 Telepresence Video Communication Server Software 2017-01-04 6.5 MEDIUM N/A
The administrator web interface in Cisco TelePresence Video Communication Server (VCS) X8.5.2 allows remote authenticated users to execute arbitrary OS commands via crafted HTTP requests, aka Bug ID CSCuv11796.
CVE-2015-6261 1 Cisco 1 Telepresence Video Communication Server Software 2017-01-04 4.0 MEDIUM N/A
Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote authenticated users to bypass intended access restrictions and read configuration files by leveraging the Mobile and Remote Access (MRA) role and establishing a TFTP session, aka Bug ID CSCuv78531.
CVE-2015-4319 1 Cisco 1 Telepresence Video Communication Server Software 2017-01-04 5.5 MEDIUM N/A
The password-change feature in the administrative web interface in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 improperly performs authorization, which allows remote authenticated users to reset arbitrary active-user passwords via unspecified vectors, aka Bug ID CSCuv12338.
CVE-2015-0772 1 Cisco 1 Telepresence Video Communication Server Software 2017-01-04 7.1 HIGH N/A
Cisco TelePresence Video Communication Server (VCS) X8.5RC4 allows remote attackers to cause a denial of service (CPU consumption or device outage) via a crafted SDP parameter-negotiation request in an SDP session during a SIP connection, aka Bug ID CSCut42422.
CVE-2015-4325 1 Cisco 1 Telepresence Video Communication Server Software 2017-01-04 6.9 MEDIUM N/A
The process-management implementation in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to gain privileges by terminating a firestarter.py supervised process and then triggering the restart of a process by the root account, aka Bug ID CSCuv12272.
CVE-2015-4327 1 Cisco 1 Telepresence Video Communication Server Software 2017-01-04 7.2 HIGH N/A
The CLI in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to obtain root privileges by writing script arguments to an unspecified file, aka Bug ID CSCuv12542.
CVE-2015-4328 1 Cisco 1 Telepresence Video Communication Server Software 2017-01-04 4.0 MEDIUM N/A
Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 improperly checks for a user account's read-only attribute, which allows remote authenticated users to execute arbitrary OS commands via crafted HTTP requests, as demonstrated by read or write operations on the Unified Communications lookup page, aka Bug ID CSCuv12552.
CVE-2015-6413 1 Cisco 1 Telepresence Video Communication Server Software 2016-12-07 4.0 MEDIUM N/A
Cisco TelePresence Video Communication Server (VCS) Expressway X8.6 allows remote authenticated users to bypass intended read-only restrictions and upload Tandberg Linux Package (TLP) files by visiting an administrative page, aka Bug ID CSCuw55651.