Test ID: 1.3.6.1.4.1.25623.1.0.105335
Category: CISCO
Title: Cisco TelePresence Video Communication Server (VCS) Multiple Vulnerabilities
Summary: Cisco TelePresence Video Communication Server Expressway is prone to multiple vulnerabilities.
Description:

Vulnerability Insight:
The remote Cisco TelePresence Video Communication Server is prone to the following vulnerabilities:

1. Cisco TelePresence Video Communication Server (VCS) Command Injection

A vulnerability in the web framework in the Cisco TelePresence Video Communication Server (VCS)
could allow an authenticated, remote attacker to inject arbitrary commands that are executed
with user privilege 'nobody'.

2. Expressway user creds can be changed without providing current password

A vulnerability in the Password Change functionality in the Administrative Web Interface of the Cisco TelePresence Video Communication Server
(VCS) Expressway could allow an authenticated, remote attacker to make unauthorized changes to user passwords.

3. Password hashes are recorded to the Expressway Configuration Log

A vulnerability in the Configuration Log File of the Cisco TelePresence Video Communication Server (VCS) Expressway could allow an authenticated,
remote attacker to obtain sensitive information stored on an affected system.

4. SIP Proxy-Authorization user not checked against phone line

A vulnerability in the Cisco TelePresence Video Communication Server (VCS) Expressway could allow an authenticated, remote attacker to falsely
register their Mobile and Remote Access (MRA) endpoint.

5. XCP ConnectionManager segfaults on malformed auth message

A vulnerability in the Cisco TelePresence Video Communication Server (VCS) Expressway could allow an unauthenticated, remote attacker to cause a
denial of service (DoS) condition.

6. Traffic Server segfault on memcpy() from malformed GET request

A vulnerability in the Cisco TelePresence Video Communication Server (VCS) Expressway could allow an unauthenticated, remote attacker to cause a
denial of service (DoS) condition.

These issues are being tracked by Cisco Bug IDs:
CSCuv40528
CSCuv12333
CSCuv40396
CSCuv40469
CSCuv12338
CSCuv12340

Affected Software/OS:
Cisco TelePresence Video Communication Server Expressway X8.5.2

Solution:
No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

CVSS Score:
6.5

CVSS Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P

Cross-Ref:
BugTraq ID: 76326
BugTraq ID: 76347
BugTraq ID: 76366
BugTraq ID: 76353
BugTraq ID: 76351
BugTraq ID: 76350
Common Vulnerability Exposure (CVE) ID: CVE-2015-4303
BugTraq ID: 76322
http://www.securityfocus.com/bid/76322
Cisco Security Advisory: 20150812 Cisco TelePresence Video Communication Server Command Injection Vulnerability
http://tools.cisco.com/security/center/viewAlert.x?alertId=40433
http://www.securitytracker.com/id/1033268
Common Vulnerability Exposure (CVE) ID: CVE-2015-4316
http://www.securityfocus.com/bid/76353
Cisco Security Advisory: 20150813 Cisco TelePresence Video Communication Server Expressway Access Vulnerability
http://tools.cisco.com/security/center/viewAlert.x?alertId=40445
http://www.securitytracker.com/id/1033282
Common Vulnerability Exposure (CVE) ID: CVE-2015-4317
http://www.securityfocus.com/bid/76351
Cisco Security Advisory: 20150813 Cisco TelePresence Video Communication Server Expressway Denial of Service Vulnerability
http://tools.cisco.com/security/center/viewAlert.x?alertId=40444
http://www.securitytracker.com/id/1033281
Common Vulnerability Exposure (CVE) ID: CVE-2015-4318
http://www.securityfocus.com/bid/76347
http://tools.cisco.com/security/center/viewAlert.x?alertId=40443
Common Vulnerability Exposure (CVE) ID: CVE-2015-4319
http://www.securityfocus.com/bid/76366
Cisco Security Advisory: 20150814 Cisco TelePresence Video Communication Server Expressway Access Vulnerability
http://tools.cisco.com/security/center/viewAlert.x?alertId=40442
http://www.securitytracker.com/id/1033323
Common Vulnerability Exposure (CVE) ID: CVE-2015-4320
http://www.securityfocus.com/bid/76350
Cisco Security Advisory: 20150813 Cisco TelePresence Video Communication Server Expressway Information Disclosure Vulnerability
http://tools.cisco.com/security/center/viewAlert.x?alertId=40441
http://www.securitytracker.com/id/1033284
Copyright: This script is Copyright (C) 2015 Greenbone Networks GmbH
