Cisco: >> Telepresence Video Communication Server Security Vulnerabilities
The Expressway component in Cisco TelePresence Video Communication Server (VCS) uses the same default X.509 certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate's trust relationship, aka Bug ID CSCue07471.
CVSS Score
6.4
EPSS Score
0.004
Published
2014-01-23
Cisco TelePresence Video Communication Server (VCS) X7.0.3 does not properly process certain search rules, which allows remote attackers to create conferences via an unspecified Conductor request, aka Bug ID CSCub67989.
CVSS Score
5.0
EPSS Score
0.002
Published
2013-01-17
Cisco TelePresence Video Communication Server with software before X7.0.1 allows remote attackers to cause a denial of service (device crash) via a malformed SIP message, aka Bug ID CSCtr20426.
CVSS Score
7.8
EPSS Score
0.004
Published
2012-03-01
Cisco TelePresence Video Communication Server with software before X7.0.1 allows remote attackers to cause a denial of service (device crash) via a crafted SIP packet, as demonstrated by a SIP INVITE message from a Tandberg device, aka Bug ID CSCtq73319.
CVSS Score
7.5
EPSS Score
0.005
Published
2012-03-01
Page 5