Vulnerabilites related to cisco - telepresence_advanced_media_gateway
Vulnerability from fkie_nvd
Published
2019-11-05 19:15
Modified
2024-11-21 04:29
Severity ?
7.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
7.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
7.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Summary
A vulnerability in the web application of Cisco TelePresence Advanced Media Gateway could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the lack of input validation in the web application. An attacker could exploit this vulnerability by sending a crafted authenticated HTTP request to the device. An exploit could allow the attacker to stop services on an affected device. The device may become inoperable and results in a denial of service (DoS) condition.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | telepresence_advanced_media_gateway | 1.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:telepresence_advanced_media_gateway:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0F9FBD4-ABD8-4EDE-9A2E-9E09F8524837",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web application of Cisco TelePresence Advanced Media Gateway could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the lack of input validation in the web application. An attacker could exploit this vulnerability by sending a crafted authenticated HTTP request to the device. An exploit could allow the attacker to stop services on an affected device. The device may become inoperable and results in a denial of service (DoS) condition."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la aplicaci\u00f3n web de Cisco TelePresence Advanced Media Gateway, podr\u00eda permitir a un atacante remoto autenticado causar una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en un dispositivo afectado. La vulnerabilidad es debido a la falta de comprobaci\u00f3n de entrada en la aplicaci\u00f3n web. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de una petici\u00f3n HTTP autenticada dise\u00f1ada hacia el dispositivo. Una explotaci\u00f3n podr\u00eda permitir al atacante detener los servicios en un dispositivo afectado. El dispositivo puede quedar inoperable y resultar en una condici\u00f3n de denegaci\u00f3n de servicio (DoS)."
}
],
"id": "CVE-2019-15966",
"lastModified": "2024-11-21T04:29:50.143",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 4.0,
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-05T19:15:10.633",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvr69362"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvr69362"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-05-25 00:59
Modified
2024-11-21 02:23
Severity ?
Summary
The web framework in Cisco TelePresence Advanced Media Gateway Series Software before 1.1(1.40), Cisco TelePresence IP Gateway Series Software, Cisco TelePresence IP VCR Series Software before 3.0(1.27), Cisco TelePresence ISDN Gateway Software before 2.2(1.94), Cisco TelePresence MCU Software before 4.4(3.54) and 4.5 before 4.5(1.45), Cisco TelePresence MSE Supervisor Software before 2.3(1.38), Cisco TelePresence Serial Gateway Series Software before 1.0(1.42), Cisco TelePresence Server Software for Hardware before 3.1(1.98), and Cisco TelePresence Server Software for Virtual Machine before 4.1(1.79) allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors, aka Bug IDs CSCul55968, CSCur08993, CSCur15803, CSCur15807, CSCur15825, CSCur15832, CSCur15842, CSCur15850, and CSCur15855.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:telepresence_advanced_media_gateway:1.0\\(.1.13\\):*:*:*:*:*:*:*",
"matchCriteriaId": "02365039-7794-4A7C-B48F-AFEBAE929B7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_advanced_media_gateway:1.1\\(.1.14\\):*:*:*:*:*:*:*",
"matchCriteriaId": "9C6AB701-BFBA-4199-83AC-F5D39C56FEAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_advanced_media_gateway:1.1\\(1.34\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D7FE013A-292B-46D7-80BE-3B26FBD05D4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_ip_gateway:2.0.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6D7B8A87-18A3-4F9A-80CA-531F8FD34EC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_ip_gateway:2.0.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "CA75EBD3-C348-4175-AE49-C1F43168E591",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_ip_gateway:2.0.3.34:*:*:*:*:*:*:*",
"matchCriteriaId": "C5E5CB75-06D2-47DD-A435-1CD7887B4143",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_ip_vcr_1.0_converter:1.0\\(1.9\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A83850D3-C59D-4170-A5E1-4F9AFF068EE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_ip_vcr_2.4:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "03952191-EEBA-434B-B38A-D4470731F74C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_ip_vcr_3.0:1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "3A280285-5B92-4518-8432-919654B0C34B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_ip_vcr_3.0:1.24:*:*:*:*:*:*:*",
"matchCriteriaId": "6B466E73-B28C-4AE1-8830-3D7ECAFDE34B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_isdn_gw_3241:2.0\\(1.51\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E8415303-8D7D-4E37-ACD0-6E6011D2B8CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_isdn_gw_3241:2.1\\(1.22\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C9A30919-F651-4018-BE0F-71AF8C56BABD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_isdn_gw_3241:2.1\\(1.43\\):*:*:*:*:*:*:*",
"matchCriteriaId": "2CE00AF4-76FD-42E4-A0FC-6E1534282C7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_isdn_gw_3241:2.1\\(1.49\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A2A3CF3A-6068-4D5D-BCDA-77B201E28800",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_isdn_gw_3241:2.1\\(1.56\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0C9E2011-B794-485A-93C6-EFDE17C98DD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_software:4.1\\(1.51\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C7A0E502-987C-4BB3-BB30-4E46128D73EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_software:4.1\\(1.59\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B0F653E6-270B-4BFF-8F26-2CD4A3B6F60D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_software:4.2\\(1.43\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B3EFEACC-766F-4479-A69E-389D0448A44E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_software:4.2\\(1.46\\):*:*:*:*:*:*:*",
"matchCriteriaId": "BF1356C5-A6BC-4D1F-A640-0E0D568797AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_software:4.2\\(1.50\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C844842F-45CF-43DC-84DA-C52AEB40E54C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_software:4.3\\(1.68\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C3C20EAA-687B-4531-91EB-C1B835A6C0BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_software:4.3\\(2.18\\):*:*:*:*:*:*:*",
"matchCriteriaId": "970A98BD-0018-44E2-B4AA-5715B383EB29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_software:4.3\\(2.30\\):*:*:*:*:*:*:*",
"matchCriteriaId": "BB0C1257-037A-4FED-8FAC-F39169A1D0B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_software:4.3\\(2.32\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D5FC7CE6-D1BE-4E78-9727-39AED8E04306",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_software:4.4\\(3.42\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F47D2C63-FA7A-4993-A44B-7DE1F9158EE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_software:4.4\\(3.49\\):*:*:*:*:*:*:*",
"matchCriteriaId": "2C75377B-0CB7-461C-A857-1CC9BB394B1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_serial_gateway:1.0.1.23:*:*:*:*:*:*:*",
"matchCriteriaId": "75DB1C8C-C9E5-4C83-B524-3E71B1FAACF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_serial_gateway:1.0.1.34:*:*:*:*:*:*:*",
"matchCriteriaId": "63549A00-A34D-4A7E-A38C-6470EBBB0A0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_serial_gateway:1.0.1.38:*:*:*:*:*:*:*",
"matchCriteriaId": "9D964BE9-A3B7-46D6-BBC6-0DBF0F13B91A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_server_software:2.1\\(1.33\\):*:*:*:*:*:*:*",
"matchCriteriaId": "4987F125-01CF-4D17-AF4C-E1F4BB977039",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_server_software:2.1\\(1.37\\):*:*:*:*:*:*:*",
"matchCriteriaId": "EB6EAFBB-5B0A-43E0-A7A7-8B2C17033301",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_server_software:2.2\\(1.43\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B029054E-5575-40DA-B9C0-C45A0E938D8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_server_software:2.2\\(1.48\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8B4263AB-2AE2-418D-AFD1-FAA4CF46DE41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_server_software:2.2\\(1.54\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D93A770A-3B67-4F27-B695-50F0430AFB03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_server_software:2.3\\(1.55\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6C8E87AF-FAC5-419F-80DF-02EF48485990",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_server_software:2.3\\(1.57\\):*:*:*:*:*:*:*",
"matchCriteriaId": "1A5488C8-1B72-41D5-B346-1C27B529BAC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_server_software:3.0\\(2.24\\):*:*:*:*:*:*:*",
"matchCriteriaId": "CE67D1A0-522A-4FEB-A59E-27D8E8FA3196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_server_software:4.0\\(1.57\\):*:*:*:*:*:*:*",
"matchCriteriaId": "71B3BA0E-F4D1-484D-987D-F96DD3DECDB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_server_software:4.0\\(2.8\\):*:*:*:*:*:*:*",
"matchCriteriaId": "28A70BA8-B132-4EAC-A9C5-706B5BE7D837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_supervisor_mse_8050_software:2.1\\(1.18\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FEE3300B-EB67-43E2-B124-6BAFD8AE2AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_supervisor_mse_8050_software:2.2\\(1.17\\):*:*:*:*:*:*:*",
"matchCriteriaId": "1F6C244B-DFCE-4E17-B13D-2DBB7053D0C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_supervisor_mse_8050_software:2.3\\(1.32\\):*:*:*:*:*:*:*",
"matchCriteriaId": "555E1314-2954-4D81-8BFB-298CE9891106",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The web framework in Cisco TelePresence Advanced Media Gateway Series Software before 1.1(1.40), Cisco TelePresence IP Gateway Series Software, Cisco TelePresence IP VCR Series Software before 3.0(1.27), Cisco TelePresence ISDN Gateway Software before 2.2(1.94), Cisco TelePresence MCU Software before 4.4(3.54) and 4.5 before 4.5(1.45), Cisco TelePresence MSE Supervisor Software before 2.3(1.38), Cisco TelePresence Serial Gateway Series Software before 1.0(1.42), Cisco TelePresence Server Software for Hardware before 3.1(1.98), and Cisco TelePresence Server Software for Virtual Machine before 4.1(1.79) allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors, aka Bug IDs CSCul55968, CSCur08993, CSCur15803, CSCur15807, CSCur15825, CSCur15832, CSCur15842, CSCur15850, and CSCur15855."
},
{
"lang": "es",
"value": "El Framework web en Cisco TelePresence Advanced Media Gateway Series Software anterior a 1.1(1.40), Cisco TelePresence IP Gateway Series Software, Cisco TelePresence IP VCR Series Software anterior a 3.0(1.27), Cisco TelePresence ISDN Gateway Software anterior a 2.2(1.94), Cisco TelePresence MCU Software anterior a 4.4(3.54) y 4.5 anterior a 4.5(1.45), Cisco TelePresence MSE Supervisor Software anterior a 2.3(1.38), Cisco TelePresence Serial Gateway Series Software anterior a 1.0(1.42), Cisco TelePresence Server Software for Hardware anterior a 3.1(1.98), y Cisco TelePresence Server Software for Virtual Machine anterior a 4.1(1.79) permite a usuarios remotos autenticados ejecutar comandos arbitrarios con privilegios root a trav\u00e9s de vectores no especificados, tambi\u00e9n conocido como Bug IDs CSCul55968, CSCur08993, CSCur15803, CSCur15807, CSCur15825, CSCur15832, CSCur15842, CSCur15850, y CSCur15855."
}
],
"id": "CVE-2015-0713",
"lastModified": "2024-11-21T02:23:35.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-05-25T00:59:01.357",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150513-tp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150513-tp"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-07-10 17:59
Modified
2024-11-21 02:30
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence Advanced Media Gateway devices with software 1.1(1.40) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90732.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | telepresence_advanced_media_gateway | 1.1\(1.40\) |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:telepresence_advanced_media_gateway:1.1\\(1.40\\):*:*:*:*:*:*:*",
"matchCriteriaId": "DF067B88-681B-454C-8C70-FE8CF1BC599E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence Advanced Media Gateway devices with software 1.1(1.40) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90732."
},
{
"lang": "es",
"value": "Vulnerabilidad CSRF en dispositivos Cisco TelePresence Advanced Media Gateway con versi\u00f3n 1.1(1.40), que permite a los atacantes sustraer la autenticaci\u00f3n de usuarios arbitrarios, tambi\u00e9n conocido como Bug ID CSCuu90732."
}
],
"id": "CVE-2015-4254",
"lastModified": "2024-11-21T02:30:42.890",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-07-10T17:59:02.750",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39797"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39797"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2015-4254
Vulnerability from cvelistv5
Published
2015-07-10 17:00
Modified
2024-08-06 06:11
Severity ?
EPSS score ?
Summary
Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence Advanced Media Gateway devices with software 1.1(1.40) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90732.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tools.cisco.com/security/center/viewAlert.x?alertId=39797 | vendor-advisory, x_refsource_CISCO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:11:12.173Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20150710 Cisco TelePresence Advanced Media Gateway Cross-Site Request Forgery Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39797"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence Advanced Media Gateway devices with software 1.1(1.40) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90732."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-07-10T17:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20150710 Cisco TelePresence Advanced Media Gateway Cross-Site Request Forgery Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39797"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-4254",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence Advanced Media Gateway devices with software 1.1(1.40) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90732."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150710 Cisco TelePresence Advanced Media Gateway Cross-Site Request Forgery Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39797"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2015-4254",
"datePublished": "2015-07-10T17:00:00",
"dateReserved": "2015-06-04T00:00:00",
"dateUpdated": "2024-08-06T06:11:12.173Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-0713
Vulnerability from cvelistv5
Published
2015-05-25 00:00
Modified
2024-08-06 04:17
Severity ?
EPSS score ?
Summary
The web framework in Cisco TelePresence Advanced Media Gateway Series Software before 1.1(1.40), Cisco TelePresence IP Gateway Series Software, Cisco TelePresence IP VCR Series Software before 3.0(1.27), Cisco TelePresence ISDN Gateway Software before 2.2(1.94), Cisco TelePresence MCU Software before 4.4(3.54) and 4.5 before 4.5(1.45), Cisco TelePresence MSE Supervisor Software before 2.3(1.38), Cisco TelePresence Serial Gateway Series Software before 1.0(1.42), Cisco TelePresence Server Software for Hardware before 3.1(1.98), and Cisco TelePresence Server Software for Virtual Machine before 4.1(1.79) allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors, aka Bug IDs CSCul55968, CSCur08993, CSCur15803, CSCur15807, CSCur15825, CSCur15832, CSCur15842, CSCur15850, and CSCur15855.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150513-tp | vendor-advisory, x_refsource_CISCO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:17:32.727Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20150513 Command Injection Vulnerability in Multiple Cisco TelePresence Products",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150513-tp"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-05-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The web framework in Cisco TelePresence Advanced Media Gateway Series Software before 1.1(1.40), Cisco TelePresence IP Gateway Series Software, Cisco TelePresence IP VCR Series Software before 3.0(1.27), Cisco TelePresence ISDN Gateway Software before 2.2(1.94), Cisco TelePresence MCU Software before 4.4(3.54) and 4.5 before 4.5(1.45), Cisco TelePresence MSE Supervisor Software before 2.3(1.38), Cisco TelePresence Serial Gateway Series Software before 1.0(1.42), Cisco TelePresence Server Software for Hardware before 3.1(1.98), and Cisco TelePresence Server Software for Virtual Machine before 4.1(1.79) allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors, aka Bug IDs CSCul55968, CSCur08993, CSCur15803, CSCur15807, CSCur15825, CSCur15832, CSCur15842, CSCur15850, and CSCur15855."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-25T00:57:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20150513 Command Injection Vulnerability in Multiple Cisco TelePresence Products",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150513-tp"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-0713",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web framework in Cisco TelePresence Advanced Media Gateway Series Software before 1.1(1.40), Cisco TelePresence IP Gateway Series Software, Cisco TelePresence IP VCR Series Software before 3.0(1.27), Cisco TelePresence ISDN Gateway Software before 2.2(1.94), Cisco TelePresence MCU Software before 4.4(3.54) and 4.5 before 4.5(1.45), Cisco TelePresence MSE Supervisor Software before 2.3(1.38), Cisco TelePresence Serial Gateway Series Software before 1.0(1.42), Cisco TelePresence Server Software for Hardware before 3.1(1.98), and Cisco TelePresence Server Software for Virtual Machine before 4.1(1.79) allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors, aka Bug IDs CSCul55968, CSCur08993, CSCur15803, CSCur15807, CSCur15825, CSCur15832, CSCur15842, CSCur15850, and CSCur15855."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150513 Command Injection Vulnerability in Multiple Cisco TelePresence Products",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150513-tp"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2015-0713",
"datePublished": "2015-05-25T00:00:00",
"dateReserved": "2015-01-07T00:00:00",
"dateUpdated": "2024-08-06T04:17:32.727Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-15966
Vulnerability from cvelistv5
Published
2019-11-05 19:05
Modified
2024-11-21 19:06
Severity ?
EPSS score ?
Summary
A vulnerability in the web application of Cisco TelePresence Advanced Media Gateway could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the lack of input validation in the web application. An attacker could exploit this vulnerability by sending a crafted authenticated HTTP request to the device. An exploit could allow the attacker to stop services on an affected device. The device may become inoperable and results in a denial of service (DoS) condition.
References
| ▼ | URL | Tags |
|---|---|---|
| https://quickview.cloudapps.cisco.com/quickview/bug/CSCvr69362 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco TelePresence Advanced Media Gateway |
Version: 1.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:03:32.594Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvr69362"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-15966",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-21T18:55:54.443545Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T19:06:14.571Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco TelePresence Advanced Media Gateway",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web application of Cisco TelePresence Advanced Media Gateway could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the lack of input validation in the web application. An attacker could exploit this vulnerability by sending a crafted authenticated HTTP request to the device. An exploit could allow the attacker to stop services on an affected device. The device may become inoperable and results in a denial of service (DoS) condition."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-05T19:05:36",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvr69362"
}
],
"solutions": [
{
"lang": "en",
"value": "Cisco TelePresence Advanced Media Gateway is no longer receiving software updates. Please see the following link for EoS and EoL information: \nhttps://www.cisco.com/c/en/us/products/collateral/conferencing/telepresence-advanced-media-gateway-series/eos-eol-notice-c51-731683.html"
}
],
"source": {
"advisory": "CSCvr69362",
"defect": [
"CSCvr69362"
],
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2019-15966",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco TelePresence Advanced Media Gateway",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.1"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the web application of Cisco TelePresence Advanced Media Gateway could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the lack of input validation in the web application. An attacker could exploit this vulnerability by sending a crafted authenticated HTTP request to the device. An exploit could allow the attacker to stop services on an affected device. The device may become inoperable and results in a denial of service (DoS) condition."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvr69362",
"refsource": "MISC",
"url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvr69362"
}
]
},
"solution": [
{
"lang": "en",
"value": "Cisco TelePresence Advanced Media Gateway is no longer receiving software updates. Please see the following link for EoS and EoL information: \nhttps://www.cisco.com/c/en/us/products/collateral/conferencing/telepresence-advanced-media-gateway-series/eos-eol-notice-c51-731683.html"
}
],
"source": {
"advisory": "CSCvr69362",
"defect": [
"CSCvr69362"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2019-15966",
"datePublished": "2019-11-05T19:05:37",
"dateReserved": "2019-09-06T00:00:00",
"dateUpdated": "2024-11-21T19:06:14.571Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}