Cisco TelePresence Video Communication Server (VCS) Software Expressway X8.5.2

CPE Details

Cisco TelePresence Video Communication Server (VCS) Software Expressway X8.5.2
cisco
telepresence_video_communication_server_software
x8.5.2
2015-08-20
15h19 +00:00
2015-08-25
15h38 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.5.2:*:*:*:expressway:*:*:*

Informations

Vendor

cisco

Product

telepresence_video_communication_server_software

Version

x8.5.2

Software Edition

expressway

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2016-1444 2016-07-07 12h00 +00:00 The Mobile and Remote Access (MRA) component in Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7 and Expressway X8.1 through X8.6 mishandles certificates, which allows remote attackers to bypass authentication via an arbitrary trusted certificate, aka Bug ID CSCuz64601.
6.5
Medium
CVE-2016-1338 2016-03-12 01h00 +00:00 Cisco TelePresence Video Communication Server (VCS) X8.5.1 and X8.5.2 allows remote authenticated users to cause a denial of service (VoIP outage) via a crafted SIP message, aka Bug ID CSCuu43026.
6.5
Medium
CVE-2016-1316 2016-02-09 01h00 +00:00 Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7, as used in conjunction with Jabber Guest, allows remote attackers to obtain sensitive call-statistics information via a direct request to an unspecified URL, aka Bug ID CSCux73362.
5.3
Medium
CVE-2015-4325 2015-10-12 08h00 +00:00 The process-management implementation in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to gain privileges by terminating a firestarter.py supervised process and then triggering the restart of a process by the root account, aka Bug ID CSCuv12272.
6.9
CVE-2015-6318 2015-10-12 08h00 +00:00 Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 and X8.5.2 allows local users to write to arbitrary files via an unspecified symlink attack, aka Bug ID CSCuv11969.
6.9
CVE-2015-4330 2015-09-02 14h00 +00:00 A local file script in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to gain privileges for OS command execution via invalid parameters, aka Bug ID CSCuv10556.
6.9
CVE-2015-6261 2015-08-26 12h00 +00:00 Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote authenticated users to bypass intended access restrictions and read configuration files by leveraging the Mobile and Remote Access (MRA) role and establishing a TFTP session, aka Bug ID CSCuv78531.
4
CVE-2015-4318 2015-08-20 13h00 +00:00 Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote attackers to cause a denial of service via invalid variables in a GET request, aka Bug ID CSCuv40528.
5
CVE-2015-4303 2015-08-20 08h00 +00:00 Cisco TelePresence Video Communication Server (VCS) X8.5.2 allows remote authenticated users to execute arbitrary commands in the context of the nobody user account via an unspecified web-page parameter, aka Bug ID CSCuv12333.
6.5
CVE-2015-4316 2015-08-20 08h00 +00:00 The Mobile and Remote Access (MRA) endpoint-validation feature in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 improperly validates the phone line used for registration, which allows remote authenticated users to conduct impersonation attacks via a crafted registration, aka Bug ID CSCuv40396.
5.5
CVE-2015-4329 2015-08-20 08h00 +00:00 The administrator web interface in Cisco TelePresence Video Communication Server (VCS) X8.5.2 allows remote authenticated users to execute arbitrary OS commands via crafted HTTP requests, aka Bug ID CSCuv11796.
6.5
CVE-2015-4317 2015-08-19 22h00 +00:00 Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote attackers to cause a denial of service via invalid variables in an authentication packet, aka Bug ID CSCuv40469.
5
CVE-2015-4320 2015-08-19 22h00 +00:00 The Configuration Log File component in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote authenticated users to obtain sensitive information by reading a log file, aka Bug ID CSCuv12340.
4
CVE-2015-4327 2015-08-19 22h00 +00:00 The CLI in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to obtain root privileges by writing script arguments to an unspecified file, aka Bug ID CSCuv12542.
7.2
CVE-2015-4328 2015-08-19 22h00 +00:00 Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 improperly checks for a user account's read-only attribute, which allows remote authenticated users to execute arbitrary OS commands via crafted HTTP requests, as demonstrated by read or write operations on the Unified Communications lookup page, aka Bug ID CSCuv12552.
4
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.