Test ID: | 1.3.6.1.4.1.25623.1.0.105335 |
Category: | CISCO |
Title: | Cisco TelePresence Video Communication Server (VCS) Multiple Vulnerabilities |
Summary: | Cisco TelePresence Video Communication Server Expressway is prone to multiple vulnerabilities |
Description: |
Summary: Cisco TelePresence Video Communication Server Expressway is prone to multiple vulnerabilities.

Vulnerability Insight: The remote Cisco TelePresence Video Communication Server is prone to the following vulnerabilities:

1. Cisco TelePresence Video Communication Server (VCS) Command Injection
   A vulnerability in the web framework in the Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to inject arbitrary commands that are executed with the privileges of the user 'nobody'.

2. Expressway user creds can be changed without providing current password
   A vulnerability in the Password Change functionality in the Administrative Web Interface of the Cisco TelePresence Video Communication Server (VCS) Expressway could allow an authenticated, remote attacker to make unauthorized changes to user passwords.

3. Password hashes are recorded to the Expressway Configuration Log
   A vulnerability in the Configuration Log File of the Cisco TelePresence Video Communication Server (VCS) Expressway could allow an authenticated, remote attacker to obtain sensitive information stored on an affected system.

4. SIP Proxy-Authorization user not checked against phone line
   A vulnerability in the Cisco TelePresence Video Communication Server (VCS) Expressway could allow an authenticated, remote attacker to falsely register their Mobile and Remote Access (MRA) endpoint.

5. XCP ConnectionManager segfaults on malformed auth message
   A vulnerability in the Cisco TelePresence Video Communication Server (VCS) Expressway could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

6. Traffic Server segfault on memcpy() from malformed GET request
   A vulnerability in the Cisco TelePresence Video Communication Server (VCS) Expressway could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

These issues are being tracked by Cisco BugId: CSCuv40528 CSCuv12333 CSCuv40396 CSCuv40469 CSCuv12338 CSCuv12340

Affected Software/OS: Cisco TelePresence Video Communication Server Expressway X8.5.2

Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

CVSS Score: 6.5
CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P |
Cross-Ref: |
BugTraq ID: 76326
BugTraq ID: 76347
BugTraq ID: 76366
BugTraq ID: 76353
BugTraq ID: 76351
BugTraq ID: 76350

Common Vulnerability Exposure (CVE) ID: CVE-2015-4303
BugTraq ID: 76322
http://www.securityfocus.com/bid/76322
Cisco Security Advisory: 20150812 Cisco TelePresence Video Communication Server Command Injection Vulnerability
http://tools.cisco.com/security/center/viewAlert.x?alertId=40433
http://www.securitytracker.com/id/1033268

Common Vulnerability Exposure (CVE) ID: CVE-2015-4316
http://www.securityfocus.com/bid/76353
Cisco Security Advisory: 20150813 Cisco TelePresence Video Communication Server Expressway Access Vulnerability
http://tools.cisco.com/security/center/viewAlert.x?alertId=40445
http://www.securitytracker.com/id/1033282

Common Vulnerability Exposure (CVE) ID: CVE-2015-4317
http://www.securityfocus.com/bid/76351
Cisco Security Advisory: 20150813 Cisco TelePresence Video Communication Server Expressway Denial of Service Vulnerability
http://tools.cisco.com/security/center/viewAlert.x?alertId=40444
http://www.securitytracker.com/id/1033281

Common Vulnerability Exposure (CVE) ID: CVE-2015-4318
http://www.securityfocus.com/bid/76347
http://tools.cisco.com/security/center/viewAlert.x?alertId=40443

Common Vulnerability Exposure (CVE) ID: CVE-2015-4319
http://www.securityfocus.com/bid/76366
Cisco Security Advisory: 20150814 Cisco TelePresence Video Communication Server Expressway Access Vulnerability
http://tools.cisco.com/security/center/viewAlert.x?alertId=40442
http://www.securitytracker.com/id/1033323

Common Vulnerability Exposure (CVE) ID: CVE-2015-4320
http://www.securityfocus.com/bid/76350
Cisco Security Advisory: 20150813 Cisco TelePresence Video Communication Server Expressway Information Disclosure Vulnerability
http://tools.cisco.com/security/center/viewAlert.x?alertId=40441
http://www.securitytracker.com/id/1033284 |
Copyright | This script is Copyright (C) 2015 Greenbone Networks GmbH |