English | Deutsch | Español
 
Startseite ▼
Startseite Über uns Kontact Datenschutz Partnerprogramme Zeugnisse In der Presse Mailinglisten Missbrauch Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Sicherheits
Überprüfungs ▼
Home Dediziert Erweitert Standard Wiederkehrend Risikolos Desktop Basis Sicherheits Segal FAQ Preis/Funktionszusammenfassung Bestellen Neue Anfälligkeiten Alle Anfälligkeiten Vertraulichkeit Anfälligkeiten Suche Durchführen Terminkalender IP Permissions Maßgeschneidert Warteschlange Erinnerer Siegel Berichte Berichts Stil
Verwaltetes
DNS ▼
Info Bestellen/Erneuern FAQ AUP Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password
Netzwerk
Überwachung ▼
Enterprise Erweiterte Standard Gratis Test FAQ Preis/Funktionszusammenfassung Bestellen Beispiele
Konfigurieren/Status Alarm Profile
Recherce
Berichte ▼
Home FAQ Glossary Archive
 Anmeldung/Registrierung 
 
 Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.105335
Kategorie:CISCO
Titel:Cisco TelePresence Video Communication Server (VCS) Multiple Vulnerabilities
Zusammenfassung:Cisco TelePresence Video Communication Server Expressway is prone to multiple vulnerabilities
Beschreibung:Summary:
Cisco TelePresence Video Communication Server Expressway is prone to multiple vulnerabilities

Vulnerability Insight:
The remote Cisco TelePresence Video Communication Server is prone to the following vulnerabilities:

1. Cisco TelePresence Video Communication Server (VCS) Command Injection

A vulnerability in the web framework in the Cisco TelePresence Video Communication Server (VCS)
could allow an authenticated, remote attacker to inject arbitrary commands that are executed
user privilege ''nobody''.

2. Expressway user creds can be changed without providing current password

A vulnerability in the Password Change functionality in the Administrative Web Interface of the Cisco TelePresence Video Communication Server
(VCS) Expressway could allow an authenticated, remote attacker to make unauthorized changes to user passwords.

3. Password hashes are recorded to the Expressway Configuration Log

A vulnerability in Configuration Log File of the Cisco TelePresence Video Communication Server (VCS) Expressway could allow an authenticated,
remote attacker to obtain sensitive information stored on an affected system.

4. SIP Proxy-Authorization user not checked against phone line

A vulnerability in of the Cisco TelePresence Video Communication Server (VCS) Expressway could allow an authenticated, remote attacker to falsely
register their Mobile and Remote Access (MRA) endpoint.

5. XCP ConnectionManager segfaults on malformed auth message

A vulnerability in the Cisco TelePresence Video Communication Server (VCS) Expressway could allow an unauthenticated, remote attacker to cause a
denial of service (DoS) condition.

6. Traffic Server segfault on memcpy() from malformed GET request

A vulnerability in the Cisco TelePresence Video Communication Server (VCS) Expressway could allow an unauthenticated, remote attacker to cause a
denial of service (DoS) condition.

This issues are being tracked by Cisco BugId:
CSCuv40528
CSCuv12333
CSCuv40396
CSCuv40469
CSCuv12338
CSCuv12340

Affected Software/OS:
Cisco TelePresence Video Communication Server Expressway X8.5.2

Solution:
No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

CVSS Score:
6.5

CVSS Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P

Querverweis: BugTraq ID: 76326
BugTraq ID: 76347
BugTraq ID: 76366
BugTraq ID: 76353
BugTraq ID: 76351
BugTraq ID: 76350
Common Vulnerability Exposure (CVE) ID: CVE-2015-4303
BugTraq ID: 76322
http://www.securityfocus.com/bid/76322
Cisco Security Advisory: 20150812 Cisco TelePresence Video Communication Server Command Injection Vulnerability
http://tools.cisco.com/security/center/viewAlert.x?alertId=40433
http://www.securitytracker.com/id/1033268
Common Vulnerability Exposure (CVE) ID: CVE-2015-4316
http://www.securityfocus.com/bid/76353
Cisco Security Advisory: 20150813 Cisco TelePresence Video Communication Server Expressway Access Vulnerability
http://tools.cisco.com/security/center/viewAlert.x?alertId=40445
http://www.securitytracker.com/id/1033282
Common Vulnerability Exposure (CVE) ID: CVE-2015-4317
http://www.securityfocus.com/bid/76351
Cisco Security Advisory: 20150813 Cisco TelePresence Video Communication Server Expressway Denial of Service Vulnerability
http://tools.cisco.com/security/center/viewAlert.x?alertId=40444
http://www.securitytracker.com/id/1033281
Common Vulnerability Exposure (CVE) ID: CVE-2015-4318
http://www.securityfocus.com/bid/76347
http://tools.cisco.com/security/center/viewAlert.x?alertId=40443
Common Vulnerability Exposure (CVE) ID: CVE-2015-4319
http://www.securityfocus.com/bid/76366
Cisco Security Advisory: 20150814 Cisco TelePresence Video Communication Server Expressway Access Vulnerability
http://tools.cisco.com/security/center/viewAlert.x?alertId=40442
http://www.securitytracker.com/id/1033323
Common Vulnerability Exposure (CVE) ID: CVE-2015-4320
http://www.securityfocus.com/bid/76350
Cisco Security Advisory: 20150813 Cisco TelePresence Video Communication Server Expressway Information Disclosure Vulnerability
http://tools.cisco.com/security/center/viewAlert.x?alertId=40441
http://www.securitytracker.com/id/1033284
CopyrightThis script is Copyright (C) 2015 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.



© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.