Cisco: >> Telepresence Video Communication Server Software >> x8.5.3 Security Vulnerabilities
The Mobile and Remote Access (MRA) component in Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7 and Expressway X8.1 through X8.6 mishandles certificates, which allows remote attackers to bypass authentication via an arbitrary trusted certificate, aka Bug ID CSCuz64601.
CVSS Score
6.5
EPSS Score
0.003
Published
2016-07-07
Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7, as used in conjunction with Jabber Guest, allows remote attackers to obtain sensitive call-statistics information via a direct request to an unspecified URL, aka Bug ID CSCux73362.
CVSS Score
5.3
EPSS Score
0.002
Published
2016-02-09
The Call Policy Configuration page in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.3 improperly validates external DTDs, which allows remote authenticated users to read arbitrary files or cause a denial of service via a crafted XML document, aka Bug ID CSCuv31853.
CVSS Score
5.5
EPSS Score
0.005
Published
2015-08-20