Vulnerabilites related to cisco - telepresence_server_software
cve-2015-0660
Vulnerability from cvelistv5
Published
2015-03-14 01:00
Modified
2024-08-06 04:17
Severity ?
EPSS score ?
Summary
Cisco Virtual TelePresence Server Software does not properly restrict use of the serial port, which allows local users to execute arbitrary OS commands as root by leveraging vSphere controller administrative privileges, aka Bug ID CSCus61123.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1031924 | vdb-entry, x_refsource_SECTRACK | |
| http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0660 | vendor-advisory, x_refsource_CISCO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:17:32.585Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1031924",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031924"
},
{
"name": "20150312 Cisco Virtual TelePresence Server Serial Console Privileged Access",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0660"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco Virtual TelePresence Server Software does not properly restrict use of the serial port, which allows local users to execute arbitrary OS commands as root by leveraging vSphere controller administrative privileges, aka Bug ID CSCus61123."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-03-17T17:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "1031924",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031924"
},
{
"name": "20150312 Cisco Virtual TelePresence Server Serial Console Privileged Access",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0660"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-0660",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Virtual TelePresence Server Software does not properly restrict use of the serial port, which allows local users to execute arbitrary OS commands as root by leveraging vSphere controller administrative privileges, aka Bug ID CSCus61123."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1031924",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031924"
},
{
"name": "20150312 Cisco Virtual TelePresence Server Serial Console Privileged Access",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0660"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2015-0660",
"datePublished": "2015-03-14T01:00:00",
"dateReserved": "2015-01-07T00:00:00",
"dateUpdated": "2024-08-06T04:17:32.585Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-3324
Vulnerability from cvelistv5
Published
2014-07-26 10:00
Modified
2024-08-06 10:43
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the login page in the administrative web interface in Cisco TelePresence Server Software 4.0(2.8) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCup90060.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3324 | vendor-advisory, x_refsource_CISCO | |
| http://secunia.com/advisories/60456 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/68885 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1030640 | vdb-entry, x_refsource_SECTRACK | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/94847 | vdb-entry, x_refsource_XF | |
| http://tools.cisco.com/security/center/viewAlert.x?alertId=35031 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:43:05.138Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20140724 Cisco TelePresence Management Interface Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3324"
},
{
"name": "60456",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60456"
},
{
"name": "68885",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68885"
},
{
"name": "1030640",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030640"
},
{
"name": "cisco-telepresence-cve20143324-xss(94847)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94847"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35031"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the login page in the administrative web interface in Cisco TelePresence Server Software 4.0(2.8) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCup90060."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20140724 Cisco TelePresence Management Interface Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3324"
},
{
"name": "60456",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60456"
},
{
"name": "68885",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68885"
},
{
"name": "1030640",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030640"
},
{
"name": "cisco-telepresence-cve20143324-xss(94847)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94847"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35031"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-3324",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the login page in the administrative web interface in Cisco TelePresence Server Software 4.0(2.8) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCup90060."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140724 Cisco TelePresence Management Interface Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3324"
},
{
"name": "60456",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60456"
},
{
"name": "68885",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68885"
},
{
"name": "1030640",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030640"
},
{
"name": "cisco-telepresence-cve20143324-xss(94847)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94847"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35031",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35031"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2014-3324",
"datePublished": "2014-07-26T10:00:00",
"dateReserved": "2014-05-07T00:00:00",
"dateUpdated": "2024-08-06T10:43:05.138Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-1176
Vulnerability from cvelistv5
Published
2013-04-18 18:00
Modified
2024-09-16 19:52
Severity ?
EPSS score ?
Summary
The DSP card on Cisco TelePresence MCU 4500 and 4501 devices before 4.3(2.30), TelePresence MCU MSE 8510 devices before 4.3(2.30), and TelePresence Server before 2.3(1.55) does not properly validate H.264 data, which allows remote attackers to cause a denial of service (device reload) via crafted RTP packets in a (1) SIP session or (2) H.323 session, aka Bug IDs CSCuc11328 and CSCub05448.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130417-tpi | vendor-advisory, x_refsource_CISCO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:49:20.686Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20130417 Cisco TelePresence Infrastructure Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130417-tpi"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The DSP card on Cisco TelePresence MCU 4500 and 4501 devices before 4.3(2.30), TelePresence MCU MSE 8510 devices before 4.3(2.30), and TelePresence Server before 2.3(1.55) does not properly validate H.264 data, which allows remote attackers to cause a denial of service (device reload) via crafted RTP packets in a (1) SIP session or (2) H.323 session, aka Bug IDs CSCuc11328 and CSCub05448."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-04-18T18:00:00Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20130417 Cisco TelePresence Infrastructure Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130417-tpi"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-1176",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DSP card on Cisco TelePresence MCU 4500 and 4501 devices before 4.3(2.30), TelePresence MCU MSE 8510 devices before 4.3(2.30), and TelePresence Server before 2.3(1.55) does not properly validate H.264 data, which allows remote attackers to cause a denial of service (device reload) via crafted RTP packets in a (1) SIP session or (2) H.323 session, aka Bug IDs CSCuc11328 and CSCub05448."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130417 Cisco TelePresence Infrastructure Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130417-tpi"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2013-1176",
"datePublished": "2013-04-18T18:00:00Z",
"dateReserved": "2013-01-11T00:00:00Z",
"dateUpdated": "2024-09-16T19:52:01.296Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-0713
Vulnerability from cvelistv5
Published
2015-05-25 00:00
Modified
2024-08-06 04:17
Severity ?
EPSS score ?
Summary
The web framework in Cisco TelePresence Advanced Media Gateway Series Software before 1.1(1.40), Cisco TelePresence IP Gateway Series Software, Cisco TelePresence IP VCR Series Software before 3.0(1.27), Cisco TelePresence ISDN Gateway Software before 2.2(1.94), Cisco TelePresence MCU Software before 4.4(3.54) and 4.5 before 4.5(1.45), Cisco TelePresence MSE Supervisor Software before 2.3(1.38), Cisco TelePresence Serial Gateway Series Software before 1.0(1.42), Cisco TelePresence Server Software for Hardware before 3.1(1.98), and Cisco TelePresence Server Software for Virtual Machine before 4.1(1.79) allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors, aka Bug IDs CSCul55968, CSCur08993, CSCur15803, CSCur15807, CSCur15825, CSCur15832, CSCur15842, CSCur15850, and CSCur15855.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150513-tp | vendor-advisory, x_refsource_CISCO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:17:32.727Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20150513 Command Injection Vulnerability in Multiple Cisco TelePresence Products",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150513-tp"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-05-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The web framework in Cisco TelePresence Advanced Media Gateway Series Software before 1.1(1.40), Cisco TelePresence IP Gateway Series Software, Cisco TelePresence IP VCR Series Software before 3.0(1.27), Cisco TelePresence ISDN Gateway Software before 2.2(1.94), Cisco TelePresence MCU Software before 4.4(3.54) and 4.5 before 4.5(1.45), Cisco TelePresence MSE Supervisor Software before 2.3(1.38), Cisco TelePresence Serial Gateway Series Software before 1.0(1.42), Cisco TelePresence Server Software for Hardware before 3.1(1.98), and Cisco TelePresence Server Software for Virtual Machine before 4.1(1.79) allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors, aka Bug IDs CSCul55968, CSCur08993, CSCur15803, CSCur15807, CSCur15825, CSCur15832, CSCur15842, CSCur15850, and CSCur15855."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-25T00:57:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20150513 Command Injection Vulnerability in Multiple Cisco TelePresence Products",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150513-tp"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-0713",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web framework in Cisco TelePresence Advanced Media Gateway Series Software before 1.1(1.40), Cisco TelePresence IP Gateway Series Software, Cisco TelePresence IP VCR Series Software before 3.0(1.27), Cisco TelePresence ISDN Gateway Software before 2.2(1.94), Cisco TelePresence MCU Software before 4.4(3.54) and 4.5 before 4.5(1.45), Cisco TelePresence MSE Supervisor Software before 2.3(1.38), Cisco TelePresence Serial Gateway Series Software before 1.0(1.42), Cisco TelePresence Server Software for Hardware before 3.1(1.98), and Cisco TelePresence Server Software for Virtual Machine before 4.1(1.79) allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors, aka Bug IDs CSCul55968, CSCur08993, CSCur15803, CSCur15807, CSCur15825, CSCur15832, CSCur15842, CSCur15850, and CSCur15855."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150513 Command Injection Vulnerability in Multiple Cisco TelePresence Products",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150513-tp"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2015-0713",
"datePublished": "2015-05-25T00:00:00",
"dateReserved": "2015-01-07T00:00:00",
"dateUpdated": "2024-08-06T04:17:32.727Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-6284
Vulnerability from cvelistv5
Published
2015-09-20 14:00
Modified
2024-08-06 07:15
Severity ?
EPSS score ?
Summary
Buffer overflow in the Conference Control Protocol API implementation in Cisco TelePresence Server software before 4.1(2.33) on 7010, MSE 8710, Multiparty Media 310 and 320, and Virtual Machine devices allows remote attackers to cause a denial of service (device crash) via a crafted URL, aka Bug ID CSCuu28277.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1033580 | vdb-entry, x_refsource_SECTRACK | |
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-tps | vendor-advisory, x_refsource_CISCO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:15:13.297Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1033580",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033580"
},
{
"name": "20150916 Cisco TelePresence Server Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-tps"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-09-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the Conference Control Protocol API implementation in Cisco TelePresence Server software before 4.1(2.33) on 7010, MSE 8710, Multiparty Media 310 and 320, and Virtual Machine devices allows remote attackers to cause a denial of service (device crash) via a crafted URL, aka Bug ID CSCuu28277."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-20T16:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "1033580",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033580"
},
{
"name": "20150916 Cisco TelePresence Server Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-tps"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-6284",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Conference Control Protocol API implementation in Cisco TelePresence Server software before 4.1(2.33) on 7010, MSE 8710, Multiparty Media 310 and 320, and Virtual Machine devices allows remote attackers to cause a denial of service (device crash) via a crafted URL, aka Bug ID CSCuu28277."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033580",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033580"
},
{
"name": "20150916 Cisco TelePresence Server Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-tps"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2015-6284",
"datePublished": "2015-09-20T14:00:00",
"dateReserved": "2015-08-17T00:00:00",
"dateUpdated": "2024-08-06T07:15:13.297Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-3815
Vulnerability from cvelistv5
Published
2017-03-17 22:00
Modified
2024-08-05 14:39
Severity ?
EPSS score ?
Summary
An API Privilege vulnerability in Cisco TelePresence Server Software could allow an unauthenticated, remote attacker to emulate Cisco TelePresence Server endpoints. Affected Products: This vulnerability affects Cisco TelePresence Server MSE 8710 Processors that are running a software release prior to Cisco TelePresence Software Release 4.3 and are running in locally managed mode. The vulnerable API was deprecated in Cisco TelePresence Software Release 4.3. More Information: CSCvc37616.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-tps | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/96922 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1038035 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Cisco TelePresence Server |
Version: Cisco TelePresence Server |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:39:40.922Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-tps"
},
{
"name": "96922",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96922"
},
{
"name": "1038035",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038035"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco TelePresence Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Cisco TelePresence Server"
}
]
}
],
"datePublic": "2017-03-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An API Privilege vulnerability in Cisco TelePresence Server Software could allow an unauthenticated, remote attacker to emulate Cisco TelePresence Server endpoints. Affected Products: This vulnerability affects Cisco TelePresence Server MSE 8710 Processors that are running a software release prior to Cisco TelePresence Software Release 4.3 and are running in locally managed mode. The vulnerable API was deprecated in Cisco TelePresence Software Release 4.3. More Information: CSCvc37616."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "API Privilege Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-11T09:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-tps"
},
{
"name": "96922",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96922"
},
{
"name": "1038035",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038035"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2017-3815",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco TelePresence Server",
"version": {
"version_data": [
{
"version_value": "Cisco TelePresence Server"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An API Privilege vulnerability in Cisco TelePresence Server Software could allow an unauthenticated, remote attacker to emulate Cisco TelePresence Server endpoints. Affected Products: This vulnerability affects Cisco TelePresence Server MSE 8710 Processors that are running a software release prior to Cisco TelePresence Software Release 4.3 and are running in locally managed mode. The vulnerable API was deprecated in Cisco TelePresence Software Release 4.3. More Information: CSCvc37616."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "API Privilege Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-tps",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-tps"
},
{
"name": "96922",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96922"
},
{
"name": "1038035",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038035"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2017-3815",
"datePublished": "2017-03-17T22:00:00",
"dateReserved": "2016-12-21T00:00:00",
"dateUpdated": "2024-08-05T14:39:40.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-6304
Vulnerability from cvelistv5
Published
2015-09-24 14:00
Modified
2024-08-06 07:15
Severity ?
EPSS score ?
Summary
Cross-site request forgery (CSRF) vulnerability in Cisco TelePresence Server software 3.0(2.24) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCut63718, CSCut63724, and CSCut63760.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tools.cisco.com/security/center/viewAlert.x?alertId=41128 | vendor-advisory, x_refsource_CISCO | |
| http://www.securitytracker.com/id/1033644 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:15:13.292Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20150922 Cisco TelePresence Video Communication Server Cross-Site Request Forgery Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=41128"
},
{
"name": "1033644",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033644"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-09-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in Cisco TelePresence Server software 3.0(2.24) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCut63718, CSCut63724, and CSCut63760."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-20T16:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20150922 Cisco TelePresence Video Communication Server Cross-Site Request Forgery Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=41128"
},
{
"name": "1033644",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033644"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-6304",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in Cisco TelePresence Server software 3.0(2.24) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCut63718, CSCut63724, and CSCut63760."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150922 Cisco TelePresence Video Communication Server Cross-Site Request Forgery Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=41128"
},
{
"name": "1033644",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033644"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2015-6304",
"datePublished": "2015-09-24T14:00:00",
"dateReserved": "2015-08-17T00:00:00",
"dateUpdated": "2024-08-06T07:15:13.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2015-09-24 14:59
Modified
2024-11-21 02:34
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in Cisco TelePresence Server software 3.0(2.24) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCut63718, CSCut63724, and CSCut63760.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@cisco.com | http://tools.cisco.com/security/center/viewAlert.x?alertId=41128 | Vendor Advisory | |
| psirt@cisco.com | http://www.securitytracker.com/id/1033644 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewAlert.x?alertId=41128 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1033644 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | telepresence_server_software | 3.0\(2.24\) |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:telepresence_server_software:3.0\\(2.24\\):*:*:*:*:*:*:*",
"matchCriteriaId": "CE67D1A0-522A-4FEB-A59E-27D8E8FA3196",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in Cisco TelePresence Server software 3.0(2.24) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCut63718, CSCut63724, and CSCut63760."
},
{
"lang": "es",
"value": "Vulnerabilidad de CSRF en el software Cisco TelePresence Server 3.0 (2.24), permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios arbitrarios, tambi\u00e9n conocida como Bug IDs CSCut63718, CSCut63724 y CSCut63760."
}
],
"id": "CVE-2015-6304",
"lastModified": "2024-11-21T02:34:44.417",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-09-24T14:59:01.703",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=41128"
},
{
"source": "psirt@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033644"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=41128"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033644"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-03-14 01:59
Modified
2024-11-21 02:23
Severity ?
Summary
Cisco Virtual TelePresence Server Software does not properly restrict use of the serial port, which allows local users to execute arbitrary OS commands as root by leveraging vSphere controller administrative privileges, aka Bug ID CSCus61123.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | telepresence_server_software | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:telepresence_server_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "07C6FF37-F030-4FF6-9C02-37D81B50EC50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco Virtual TelePresence Server Software does not properly restrict use of the serial port, which allows local users to execute arbitrary OS commands as root by leveraging vSphere controller administrative privileges, aka Bug ID CSCus61123."
},
{
"lang": "es",
"value": "El software Cisco Virtual TelePresence Server no restringe de forma adecuada el uso de un puerto serial, lo que permite a usuarios locales ejecutar c\u00f3digo arbitrario de comandos del Sistema Operativo como root aprovechando los privilegios de administraci\u00f3n del controlador vSphere, tambi\u00e9n conocido como ID CSCus61123."
}
],
"id": "CVE-2015-0660",
"lastModified": "2024-11-21T02:23:29.420",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-03-14T01:59:09.033",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0660"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securitytracker.com/id/1031924"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0660"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1031924"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-05-25 00:59
Modified
2024-11-21 02:23
Severity ?
Summary
The web framework in Cisco TelePresence Advanced Media Gateway Series Software before 1.1(1.40), Cisco TelePresence IP Gateway Series Software, Cisco TelePresence IP VCR Series Software before 3.0(1.27), Cisco TelePresence ISDN Gateway Software before 2.2(1.94), Cisco TelePresence MCU Software before 4.4(3.54) and 4.5 before 4.5(1.45), Cisco TelePresence MSE Supervisor Software before 2.3(1.38), Cisco TelePresence Serial Gateway Series Software before 1.0(1.42), Cisco TelePresence Server Software for Hardware before 3.1(1.98), and Cisco TelePresence Server Software for Virtual Machine before 4.1(1.79) allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors, aka Bug IDs CSCul55968, CSCur08993, CSCur15803, CSCur15807, CSCur15825, CSCur15832, CSCur15842, CSCur15850, and CSCur15855.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:telepresence_advanced_media_gateway:1.0\\(.1.13\\):*:*:*:*:*:*:*",
"matchCriteriaId": "02365039-7794-4A7C-B48F-AFEBAE929B7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_advanced_media_gateway:1.1\\(.1.14\\):*:*:*:*:*:*:*",
"matchCriteriaId": "9C6AB701-BFBA-4199-83AC-F5D39C56FEAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_advanced_media_gateway:1.1\\(1.34\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D7FE013A-292B-46D7-80BE-3B26FBD05D4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_ip_gateway:2.0.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6D7B8A87-18A3-4F9A-80CA-531F8FD34EC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_ip_gateway:2.0.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "CA75EBD3-C348-4175-AE49-C1F43168E591",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_ip_gateway:2.0.3.34:*:*:*:*:*:*:*",
"matchCriteriaId": "C5E5CB75-06D2-47DD-A435-1CD7887B4143",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_ip_vcr_1.0_converter:1.0\\(1.9\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A83850D3-C59D-4170-A5E1-4F9AFF068EE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_ip_vcr_2.4:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "03952191-EEBA-434B-B38A-D4470731F74C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_ip_vcr_3.0:1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "3A280285-5B92-4518-8432-919654B0C34B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_ip_vcr_3.0:1.24:*:*:*:*:*:*:*",
"matchCriteriaId": "6B466E73-B28C-4AE1-8830-3D7ECAFDE34B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_isdn_gw_3241:2.0\\(1.51\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E8415303-8D7D-4E37-ACD0-6E6011D2B8CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_isdn_gw_3241:2.1\\(1.22\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C9A30919-F651-4018-BE0F-71AF8C56BABD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_isdn_gw_3241:2.1\\(1.43\\):*:*:*:*:*:*:*",
"matchCriteriaId": "2CE00AF4-76FD-42E4-A0FC-6E1534282C7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_isdn_gw_3241:2.1\\(1.49\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A2A3CF3A-6068-4D5D-BCDA-77B201E28800",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_isdn_gw_3241:2.1\\(1.56\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0C9E2011-B794-485A-93C6-EFDE17C98DD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_software:4.1\\(1.51\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C7A0E502-987C-4BB3-BB30-4E46128D73EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_software:4.1\\(1.59\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B0F653E6-270B-4BFF-8F26-2CD4A3B6F60D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_software:4.2\\(1.43\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B3EFEACC-766F-4479-A69E-389D0448A44E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_software:4.2\\(1.46\\):*:*:*:*:*:*:*",
"matchCriteriaId": "BF1356C5-A6BC-4D1F-A640-0E0D568797AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_software:4.2\\(1.50\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C844842F-45CF-43DC-84DA-C52AEB40E54C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_software:4.3\\(1.68\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C3C20EAA-687B-4531-91EB-C1B835A6C0BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_software:4.3\\(2.18\\):*:*:*:*:*:*:*",
"matchCriteriaId": "970A98BD-0018-44E2-B4AA-5715B383EB29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_software:4.3\\(2.30\\):*:*:*:*:*:*:*",
"matchCriteriaId": "BB0C1257-037A-4FED-8FAC-F39169A1D0B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_software:4.3\\(2.32\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D5FC7CE6-D1BE-4E78-9727-39AED8E04306",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_software:4.4\\(3.42\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F47D2C63-FA7A-4993-A44B-7DE1F9158EE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_software:4.4\\(3.49\\):*:*:*:*:*:*:*",
"matchCriteriaId": "2C75377B-0CB7-461C-A857-1CC9BB394B1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_serial_gateway:1.0.1.23:*:*:*:*:*:*:*",
"matchCriteriaId": "75DB1C8C-C9E5-4C83-B524-3E71B1FAACF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_serial_gateway:1.0.1.34:*:*:*:*:*:*:*",
"matchCriteriaId": "63549A00-A34D-4A7E-A38C-6470EBBB0A0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_serial_gateway:1.0.1.38:*:*:*:*:*:*:*",
"matchCriteriaId": "9D964BE9-A3B7-46D6-BBC6-0DBF0F13B91A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_server_software:2.1\\(1.33\\):*:*:*:*:*:*:*",
"matchCriteriaId": "4987F125-01CF-4D17-AF4C-E1F4BB977039",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_server_software:2.1\\(1.37\\):*:*:*:*:*:*:*",
"matchCriteriaId": "EB6EAFBB-5B0A-43E0-A7A7-8B2C17033301",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_server_software:2.2\\(1.43\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B029054E-5575-40DA-B9C0-C45A0E938D8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_server_software:2.2\\(1.48\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8B4263AB-2AE2-418D-AFD1-FAA4CF46DE41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_server_software:2.2\\(1.54\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D93A770A-3B67-4F27-B695-50F0430AFB03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_server_software:2.3\\(1.55\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6C8E87AF-FAC5-419F-80DF-02EF48485990",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_server_software:2.3\\(1.57\\):*:*:*:*:*:*:*",
"matchCriteriaId": "1A5488C8-1B72-41D5-B346-1C27B529BAC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_server_software:3.0\\(2.24\\):*:*:*:*:*:*:*",
"matchCriteriaId": "CE67D1A0-522A-4FEB-A59E-27D8E8FA3196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_server_software:4.0\\(1.57\\):*:*:*:*:*:*:*",
"matchCriteriaId": "71B3BA0E-F4D1-484D-987D-F96DD3DECDB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_server_software:4.0\\(2.8\\):*:*:*:*:*:*:*",
"matchCriteriaId": "28A70BA8-B132-4EAC-A9C5-706B5BE7D837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_supervisor_mse_8050_software:2.1\\(1.18\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FEE3300B-EB67-43E2-B124-6BAFD8AE2AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_supervisor_mse_8050_software:2.2\\(1.17\\):*:*:*:*:*:*:*",
"matchCriteriaId": "1F6C244B-DFCE-4E17-B13D-2DBB7053D0C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_supervisor_mse_8050_software:2.3\\(1.32\\):*:*:*:*:*:*:*",
"matchCriteriaId": "555E1314-2954-4D81-8BFB-298CE9891106",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The web framework in Cisco TelePresence Advanced Media Gateway Series Software before 1.1(1.40), Cisco TelePresence IP Gateway Series Software, Cisco TelePresence IP VCR Series Software before 3.0(1.27), Cisco TelePresence ISDN Gateway Software before 2.2(1.94), Cisco TelePresence MCU Software before 4.4(3.54) and 4.5 before 4.5(1.45), Cisco TelePresence MSE Supervisor Software before 2.3(1.38), Cisco TelePresence Serial Gateway Series Software before 1.0(1.42), Cisco TelePresence Server Software for Hardware before 3.1(1.98), and Cisco TelePresence Server Software for Virtual Machine before 4.1(1.79) allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors, aka Bug IDs CSCul55968, CSCur08993, CSCur15803, CSCur15807, CSCur15825, CSCur15832, CSCur15842, CSCur15850, and CSCur15855."
},
{
"lang": "es",
"value": "El Framework web en Cisco TelePresence Advanced Media Gateway Series Software anterior a 1.1(1.40), Cisco TelePresence IP Gateway Series Software, Cisco TelePresence IP VCR Series Software anterior a 3.0(1.27), Cisco TelePresence ISDN Gateway Software anterior a 2.2(1.94), Cisco TelePresence MCU Software anterior a 4.4(3.54) y 4.5 anterior a 4.5(1.45), Cisco TelePresence MSE Supervisor Software anterior a 2.3(1.38), Cisco TelePresence Serial Gateway Series Software anterior a 1.0(1.42), Cisco TelePresence Server Software for Hardware anterior a 3.1(1.98), y Cisco TelePresence Server Software for Virtual Machine anterior a 4.1(1.79) permite a usuarios remotos autenticados ejecutar comandos arbitrarios con privilegios root a trav\u00e9s de vectores no especificados, tambi\u00e9n conocido como Bug IDs CSCul55968, CSCur08993, CSCur15803, CSCur15807, CSCur15825, CSCur15832, CSCur15842, CSCur15850, y CSCur15855."
}
],
"id": "CVE-2015-0713",
"lastModified": "2024-11-21T02:23:35.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-05-25T00:59:01.357",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150513-tp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150513-tp"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-09-20 14:59
Modified
2024-11-21 02:34
Severity ?
Summary
Buffer overflow in the Conference Control Protocol API implementation in Cisco TelePresence Server software before 4.1(2.33) on 7010, MSE 8710, Multiparty Media 310 and 320, and Virtual Machine devices allows remote attackers to cause a denial of service (device crash) via a crafted URL, aka Bug ID CSCuu28277.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@cisco.com | http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-tps | Vendor Advisory | |
| psirt@cisco.com | http://www.securitytracker.com/id/1033580 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-tps | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1033580 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | telepresence_server_software | 2.3\(1.55\) | |
| cisco | telepresence_server_software | 2.3\(1.57\) | |
| cisco | telepresence_server_software | 3.0\(2.24\) | |
| cisco | telepresence_server_software | 3.0\(2.46\) | |
| cisco | telepresence_server_software | 3.0\(2.48\) | |
| cisco | telepresence_server_software | 3.0\(2.49\) | |
| cisco | telepresence_server_software | 3.1\(1.80\) | |
| cisco | telepresence_server_software | 3.1\(1.82\) | |
| cisco | telepresence_server_software | 3.1\(1.95\) | |
| cisco | telepresence_server_software | 3.1\(1.96\) | |
| cisco | telepresence_server_software | 3.1\(1.97\) | |
| cisco | telepresence_server_software | 3.1\(1.98\) | |
| cisco | telepresence_server_software | 4.0\(1.57\) | |
| cisco | telepresence_server_software | 4.0\(2.8\) | |
| cisco | telepresence_server_software | 4.1\(1.79\) | |
| cisco | telepresence_server_7010 | - | |
| cisco | telepresence_server_mse_8710 | - | |
| cisco | telepresence_server_on_multiparty_media_310 | - | |
| cisco | telepresence_server_on_multiparty_media_320 | - | |
| cisco | telepresence_server_on_virtual_machine | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:telepresence_server_software:2.3\\(1.55\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6C8E87AF-FAC5-419F-80DF-02EF48485990",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_server_software:2.3\\(1.57\\):*:*:*:*:*:*:*",
"matchCriteriaId": "1A5488C8-1B72-41D5-B346-1C27B529BAC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_server_software:3.0\\(2.24\\):*:*:*:*:*:*:*",
"matchCriteriaId": "CE67D1A0-522A-4FEB-A59E-27D8E8FA3196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_server_software:3.0\\(2.46\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A4A68418-34B5-4ACE-8F5C-B0609E8A76B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_server_software:3.0\\(2.48\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C34CF67C-94F7-4252-99CA-468AC3E6F735",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_server_software:3.0\\(2.49\\):*:*:*:*:*:*:*",
"matchCriteriaId": "288C4183-2BB1-4BEE-B99D-419D6948087E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_server_software:3.1\\(1.80\\):*:*:*:*:*:*:*",
"matchCriteriaId": "EBDD6C7C-F04F-4637-A582-A2A3C7FDB124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_server_software:3.1\\(1.82\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D520D173-93B8-4991-A632-C8EBE880F4EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_server_software:3.1\\(1.95\\):*:*:*:*:*:*:*",
"matchCriteriaId": "04C63DDA-0E39-4F7D-86ED-50166D13A575",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_server_software:3.1\\(1.96\\):*:*:*:*:*:*:*",
"matchCriteriaId": "928F0A7E-A758-4030-802B-66761FF7EA1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_server_software:3.1\\(1.97\\):*:*:*:*:*:*:*",
"matchCriteriaId": "53B053D6-71BF-46D7-97A7-54946FFA690A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_server_software:3.1\\(1.98\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8D515279-816E-43A1-8A8F-364F5DE5B919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_server_software:4.0\\(1.57\\):*:*:*:*:*:*:*",
"matchCriteriaId": "71B3BA0E-F4D1-484D-987D-F96DD3DECDB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_server_software:4.0\\(2.8\\):*:*:*:*:*:*:*",
"matchCriteriaId": "28A70BA8-B132-4EAC-A9C5-706B5BE7D837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_server_software:4.1\\(1.79\\):*:*:*:*:*:*:*",
"matchCriteriaId": "409C5B7B-4A9B-40CE-97CA-4899FB075CC5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:telepresence_server_7010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "983E3CC5-7B3A-467A-A482-0D19792CB55E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:telepresence_server_mse_8710:-:*:*:*:*:*:*:*",
"matchCriteriaId": "411829A8-56C6-4851-8063-97F03C7B66B2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:telepresence_server_on_multiparty_media_310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51463F95-8A40-47CC-A0FD-B8F0ED16C39F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:telepresence_server_on_multiparty_media_320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7792A73D-C38F-44E6-A660-6CDB0955EC69",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:telepresence_server_on_virtual_machine:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18C16ABE-9BA2-4852-9B12-70BA6A1D50C2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the Conference Control Protocol API implementation in Cisco TelePresence Server software before 4.1(2.33) on 7010, MSE 8710, Multiparty Media 310 and 320, and Virtual Machine devices allows remote attackers to cause a denial of service (device crash) via a crafted URL, aka Bug ID CSCuu28277."
},
{
"lang": "es",
"value": "Desbordamiento de buffer en la implementaci\u00f3n de la API del Conference Control Protocol en el software de Cisco TelePresence Server en versiones anteriores a 4.1(2.33) en 7010, MSE 8710, Multiparty Media 310 y 320 y dispositivos Virtual Machine, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del dispositivo) a trav\u00e9s de una URL manipulada, tambi\u00e9n conocida como Bug ID CSCuu28277."
}
],
"id": "CVE-2015-6284",
"lastModified": "2024-11-21T02:34:42.013",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-09-20T14:59:02.367",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-tps"
},
{
"source": "psirt@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033580"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-tps"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033580"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-04-18 18:55
Modified
2024-11-21 01:49
Severity ?
Summary
The DSP card on Cisco TelePresence MCU 4500 and 4501 devices before 4.3(2.30), TelePresence MCU MSE 8510 devices before 4.3(2.30), and TelePresence Server before 2.3(1.55) does not properly validate H.264 data, which allows remote attackers to cause a denial of service (device reload) via crafted RTP packets in a (1) SIP session or (2) H.323 session, aka Bug IDs CSCuc11328 and CSCub05448.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_4500_series_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5E8F4FBB-E964-4321-AB35-E16ABA3F5034",
"versionEndIncluding": "4.3\\(2.18\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_4500_series_software:4.1\\(1.51\\):*:*:*:*:*:*:*",
"matchCriteriaId": "795D8FB0-600A-4EF1-B97E-55B526AA5505",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_4500_series_software:4.1\\(1.59\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FFEEEBC8-9B0D-4B17-827A-FBEA7643AB86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_4500_series_software:4.2\\(1.43\\):*:*:*:*:*:*:*",
"matchCriteriaId": "124EDEE8-9515-4178-AFC0-B1F2FA34388A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_4500_series_software:4.2\\(1.46\\):*:*:*:*:*:*:*",
"matchCriteriaId": "AB48A28E-4BBD-477B-A96B-B99879198583",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_4500_series_software:4.2\\(1.50\\):*:*:*:*:*:*:*",
"matchCriteriaId": "2C0C6D91-2585-4531-AA86-1DBDE85F6B4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_4500_series_software:4.3\\(1.68\\):*:*:*:*:*:*:*",
"matchCriteriaId": "4D00A572-D5EC-4186-809B-4C66E9147F91",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:telepresence_mcu_4505:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5574D81E-25A1-477A-978C-109D667771A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:telepresence_mcu_4510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "96560014-147A-4AE1-A215-E2F04B3AD7C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:telepresence_mcu_4515:-:*:*:*:*:*:*:*",
"matchCriteriaId": "72129DF6-D50B-46D8-84EA-95E65D86FF62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:telepresence_mcu_4520:-:*:*:*:*:*:*:*",
"matchCriteriaId": "11C64580-60FB-40CB-968A-1737E59A1E6F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_4501_series_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "57751069-E382-4004-8B76-5296243F43A7",
"versionEndIncluding": "4.3\\(2.18\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_4501_series_software:4.1\\(1.51\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A667D636-560E-4CED-864E-B23AEC62C1F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_4501_series_software:4.1\\(1.59\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F3A8B1D8-1CF0-4B3B-A9C9-581199F24588",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_4501_series_software:4.2\\(1.43\\):*:*:*:*:*:*:*",
"matchCriteriaId": "7E57DAE9-4E29-4585-AEE5-B4806A9429AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_4501_series_software:4.2\\(1.46\\):*:*:*:*:*:*:*",
"matchCriteriaId": "053A2E65-8427-43DE-B126-744EDCE7767A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_4501_series_software:4.2\\(1.50\\):*:*:*:*:*:*:*",
"matchCriteriaId": "67BEE259-94FF-4C6C-8881-D39B44C241CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_4501_series_software:4.3\\(1.68\\):*:*:*:*:*:*:*",
"matchCriteriaId": "41C17A23-E669-4D11-AC8F-ACBBC7D94A0B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:telepresence_mcu_4501:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B739B1A-89D5-48EF-829E-E52AF298D840",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_mse_series_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E55AE599-11DB-4688-A384-D11CC31247A1",
"versionEndIncluding": "4.3\\(2.18\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_mse_series_software:4.1\\(1.51\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3494A9FA-2470-4A8D-A2ED-40A8711961F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_mse_series_software:4.1\\(1.59\\):*:*:*:*:*:*:*",
"matchCriteriaId": "BC10B558-661C-4AB8-97C8-7CE6FDBD6262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_mse_series_software:4.2\\(1.43\\):*:*:*:*:*:*:*",
"matchCriteriaId": "5112E0B4-690D-4159-A1A8-7078FACF25BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_mse_series_software:4.2\\(1.46\\):*:*:*:*:*:*:*",
"matchCriteriaId": "CADE4238-16ED-4D5C-AD8A-EFB63511E034",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_mse_series_software:4.2\\(1.50\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C33BCB3F-9C7F-478A-BC9B-BD6935FF2E64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_mse_series_software:4.3\\(1.68\\):*:*:*:*:*:*:*",
"matchCriteriaId": "1BC9217A-F120-4811-B854-3DDA58E27FF2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:telepresence_mcu_mse_8510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "738ED7C7-98D6-4BD5-9115-48405F350CC9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:telepresence_server_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "77E008F3-B240-4699-A7E2-6E3BD1C87812",
"versionEndIncluding": "2.2\\(1.54\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_server_software:2.1\\(1.33\\):*:*:*:*:*:*:*",
"matchCriteriaId": "4987F125-01CF-4D17-AF4C-E1F4BB977039",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_server_software:2.1\\(1.37\\):*:*:*:*:*:*:*",
"matchCriteriaId": "EB6EAFBB-5B0A-43E0-A7A7-8B2C17033301",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_server_software:2.2\\(1.43\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B029054E-5575-40DA-B9C0-C45A0E938D8E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:telepresence_server_7010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "983E3CC5-7B3A-467A-A482-0D19792CB55E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:telepresence_server_mse_8710:-:*:*:*:*:*:*:*",
"matchCriteriaId": "411829A8-56C6-4851-8063-97F03C7B66B2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The DSP card on Cisco TelePresence MCU 4500 and 4501 devices before 4.3(2.30), TelePresence MCU MSE 8510 devices before 4.3(2.30), and TelePresence Server before 2.3(1.55) does not properly validate H.264 data, which allows remote attackers to cause a denial of service (device reload) via crafted RTP packets in a (1) SIP session or (2) H.323 session, aka Bug IDs CSCuc11328 and CSCub05448."
},
{
"lang": "es",
"value": "La tarjeta DSP de los dispositivos Cisco TelePresence MCU 4500 y 4501 antes de v4.3(2.30), dispositivos TelePresence MCU MSE 8510 dispositivos antes de v4.3(2.30), y TelePresence Server antes de v2.3(1.55) no valida correctamente los datos de H.264, que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (recarga dispositivo) a trav\u00e9s de paquetes hechos a RTP en una (1) sesi\u00f3n de SIP o (2) la sesi\u00f3n H.323, tambi\u00e9n conocido como Bug ID CSCuc11328 y CSCub05448."
}
],
"evaluatorImpact": "Per: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130417-tpi\r\n\r\n\u0027Vulnerable Products\r\nThe following Cisco TelePresence Infrastructure products are affected by this vulnerability:\r\n\r\n Cisco TelePresence MCU 4501 Series, MCU 4500 Series and Cisco TelePresence MCU MSE 8510 versions 4.3(2.18) and earlier\r\n Cisco TelePresence Server versions 2.2(1.54) and earlier\u0027\r\n",
"id": "CVE-2013-1176",
"lastModified": "2024-11-21T01:49:03.067",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-04-18T18:55:03.970",
"references": [
{
"source": "psirt@cisco.com",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130417-tpi"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130417-tpi"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-07-26 11:11
Modified
2024-11-21 02:07
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the login page in the administrative web interface in Cisco TelePresence Server Software 4.0(2.8) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCup90060.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | telepresence_server_software | 3.0\(2.24\) | |
| cisco | telepresence_server_software | 3.1\(1.98\) | |
| cisco | telepresence_server_software | 4.0\(1.57\) | |
| cisco | telepresence_server_software | 4.0\(2.8\) |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:telepresence_server_software:3.0\\(2.24\\):*:*:*:*:*:*:*",
"matchCriteriaId": "CE67D1A0-522A-4FEB-A59E-27D8E8FA3196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_server_software:3.1\\(1.98\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8D515279-816E-43A1-8A8F-364F5DE5B919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_server_software:4.0\\(1.57\\):*:*:*:*:*:*:*",
"matchCriteriaId": "71B3BA0E-F4D1-484D-987D-F96DD3DECDB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_server_software:4.0\\(2.8\\):*:*:*:*:*:*:*",
"matchCriteriaId": "28A70BA8-B132-4EAC-A9C5-706B5BE7D837",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the login page in the administrative web interface in Cisco TelePresence Server Software 4.0(2.8) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCup90060."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en la p\u00e1gina de inicio de sesi\u00f3n en la interfaz web administrativa en Cisco TelePresence Server Software 4.0(2.8) permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de un par\u00e1metro manipulado, tambi\u00e9n conocido como Bug ID CSCup90060."
}
],
"evaluatorComment": "Per: http://tools.cisco.com/security/center/viewAlert.x?alertId=35031\n\n\"The security vulnerability applies to the following combinations of products.\n\nPrimary Products:\n\nCisco\tCisco TelePresence Server Software\t3.0 (2.24) | 3.1 (1.98) | 4.0 (1.57), (2.8)\"",
"id": "CVE-2014-3324",
"lastModified": "2024-11-21T02:07:52.100",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-07-26T11:11:57.177",
"references": [
{
"source": "psirt@cisco.com",
"url": "http://secunia.com/advisories/60456"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3324"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35031"
},
{
"source": "psirt@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/68885"
},
{
"source": "psirt@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1030640"
},
{
"source": "psirt@cisco.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94847"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/60456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3324"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35031"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/68885"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1030640"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94847"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-17 22:59
Modified
2024-11-21 03:26
Severity ?
Summary
An API Privilege vulnerability in Cisco TelePresence Server Software could allow an unauthenticated, remote attacker to emulate Cisco TelePresence Server endpoints. Affected Products: This vulnerability affects Cisco TelePresence Server MSE 8710 Processors that are running a software release prior to Cisco TelePresence Software Release 4.3 and are running in locally managed mode. The vulnerable API was deprecated in Cisco TelePresence Software Release 4.3. More Information: CSCvc37616.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | telepresence_server_software | 4.2\(4.17\) | |
| cisco | telepresence_server_software | 4.2\(4.18\) | |
| cisco | telepresence_server_software | 4.2\(4.19\) |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:telepresence_server_software:4.2\\(4.17\\):*:*:*:*:*:*:*",
"matchCriteriaId": "691F909F-2B7C-47B7-A998-43AD18B869E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_server_software:4.2\\(4.18\\):*:*:*:*:*:*:*",
"matchCriteriaId": "017157F9-2588-4EA8-B5B2-A5C585DAB765",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_server_software:4.2\\(4.19\\):*:*:*:*:*:*:*",
"matchCriteriaId": "524682D4-B26E-43E6-B74C-ADBE10A35FFA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An API Privilege vulnerability in Cisco TelePresence Server Software could allow an unauthenticated, remote attacker to emulate Cisco TelePresence Server endpoints. Affected Products: This vulnerability affects Cisco TelePresence Server MSE 8710 Processors that are running a software release prior to Cisco TelePresence Software Release 4.3 and are running in locally managed mode. The vulnerable API was deprecated in Cisco TelePresence Software Release 4.3. More Information: CSCvc37616."
},
{
"lang": "es",
"value": "Una vulnerabilidad de privilegios de API en Cisco TelePresence Server Software podr\u00eda permitir que un atacante remoto no autenticado emule los puntos finales de Cisco TelePresence Server. Productos afectados: Esta vulnerabilidad afecta a los procesadores Cisco TelePresence Server MSE 8710 que ejecutan una versi\u00f3n de software anterior a Cisco TelePresence Software Release 4.3 y se ejecutan en modo administrado localmente. El API vulnerable estaba obsoleto en Cisco TelePresence Software Release 4.3. M\u00e1s informaci\u00f3n: CSCvc37616."
}
],
"id": "CVE-2017-3815",
"lastModified": "2024-11-21T03:26:10.327",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-17T22:59:00.203",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96922"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securitytracker.com/id/1038035"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-tps"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96922"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1038035"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-tps"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-319"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}