Cisco Telepresence Video Communication Server X15.0.3 Expressway Edition

CPE Details

Cisco Telepresence Video Communication Server X15.0.3 Expressway Edition
x15.0.3
2024-10-18
09h17 +00:00
2024-10-18
09h17 +00:00
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:cisco:telepresence_video_communication_server:x15.0.3:*:*:*:expressway:*:*:*

Informations

Vendor

cisco

Product

telepresence_video_communication_server

Version

x15.0.3

Software Edition

expressway

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2024-20492 2024-10-02 16h55 +00:00 A vulnerability in the restricted shell of Cisco Expressway Series could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have Administrator-level credentials with read-write privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a series of crafted CLI commands. A successful exploit could allow the attacker to escape the restricted shell and gain root privileges on the underlying operating system of the affected device. Note: Cisco Expressway Series refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices.
6.7
Moyen
CVE-2017-12287 2017-10-19 06h00 +00:00 A vulnerability in the cluster database (CDB) management component of Cisco Expressway Series Software and Cisco TelePresence Video Communication Server (VCS) Software could allow an authenticated, remote attacker to cause the CDB process on an affected system to restart unexpectedly, resulting in a temporary denial of service (DoS) condition. The vulnerability is due to incomplete input validation of URL requests by the REST API of the affected software. An attacker could exploit this vulnerability by sending a crafted URL to the REST API of the affected software on an affected system. A successful exploit could allow the attacker to cause the CDB process on the affected system to restart unexpectedly, resulting in a temporary DoS condition. Cisco Bug IDs: CSCve77571.
4.3
Moyen
CVE-2015-0579 2015-01-14 18h00 +00:00 Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway allow remote attackers to cause a denial of service (memory and CPU consumption, and partial outage) via crafted SIP packets, aka Bug ID CSCur12473.
5