cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-20814,https://securityvulnerability.io/vulnerability/CVE-2022-20814,Cisco Expressway-C and TelePresence VCS Vulnerability: Unauthorized Access to Sensitive Data possible via SSL Certificate Validation Flaw,"A vulnerability exists in the certificate validation process of Cisco Expressway-C and Cisco TelePresence VCS, which could be exploited by an unauthenticated remote attacker. This flaw arises from inadequate validation of the SSL server certificate during connections to Cisco Unified Communications Manager devices. An attacker may leverage a man-in-the-middle technique to intercept communication between devices, potentially impersonating the endpoint with a self-signed certificate. Successful exploitation may enable access to sensitive data or allow for the manipulation of transmitted information. Cisco has released updates addressing this vulnerability, with no available workarounds.",Cisco,Cisco Telepresence Video Communication Server (vcs) Expressway,7.4,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-11-15T15:32:47.058Z,0
CVE-2022-20853,https://securityvulnerability.io/vulnerability/CVE-2022-20853,Cisco Issues Security Advisory for Cross-Site Request Forgery Vulnerability,"This vulnerability affects the REST API of Cisco Expressway Series and Cisco TelePresence VCS, allowing unauthenticated, remote attackers to potentially execute cross-site request forgery (CSRF) attacks on affected systems. Insufficient CSRF protections in the web-based management interface enable an attacker to trick a user into clicking a specially crafted link. This could lead to unauthorized actions being performed on the affected system, including the possibility of causing it to reload. Cisco has issued software updates to mitigate this issue, with no available workarounds.",Cisco,Cisco Telepresence Video Communication Server (vcs) Expressway,7.4,HIGH,0.0005200000014156103,false,,false,false,false,,,false,false,,2024-11-15T15:27:23.911Z,0
CVE-2024-20492,https://securityvulnerability.io/vulnerability/CVE-2024-20492,Cisco Expressway Series Vulnerability Could Lead to Command Injection and Root Privileges Escape,"A vulnerability in the restricted shell of Cisco Expressway Series could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have Administrator-level credentials with read-write privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a series of crafted CLI commands. A successful exploit could allow the attacker to escape the restricted shell and gain root privileges on the underlying operating system of the affected device. Note: Cisco Expressway Series refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices.",Cisco,Cisco Telepresence Video Communication Server (vcs) Expressway,6.7,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-02T16:55:33.932Z,0
CVE-2024-20400,https://securityvulnerability.io/vulnerability/CVE-2024-20400,Attacker Could Redirect Users to Malicious Web Page via Cisco Expressway Series Vulnerability,"A vulnerability exists in the web-based management interface of Cisco Expressway Series that permits an unauthenticated remote attacker to reroute a user to a malicious web page. The flaw arises from ineffective validation of HTTP request parameters, enabling an attacker to intercept and alter requests from users. Exploitation of this vulnerability could lead to unintended user redirection, potentially compromising user data and security. The affected components include Cisco Expressway Control (Expressway-C) and Cisco Expressway Edge (Expressway-E) devices, highlighting the need for immediate action to secure these platforms.",Cisco,Cisco Telepresence Video Communication Server (vcs) Expressway,4.7,MEDIUM,0.0006099999882280827,false,,false,false,false,,,false,false,,2024-07-17T16:29:36.302Z,0
CVE-2024-20255,https://securityvulnerability.io/vulnerability/CVE-2024-20255,Cisco Expressway and TelePresence Vulnerable to CSRF Attacks,"A vulnerability exists within the SOAP API of Cisco Expressway Series and Cisco TelePresence Video Communication Server, allowing unauthenticated remote attackers to potentially execute cross-site request forgery (CSRF) attacks. This vulnerability is primarily due to inadequate CSRF protections implemented in the web-based management interface of the affected systems. Exploit of this vulnerability can occur when an attacker entices a user of the REST API to follow a specially crafted link, potentially causing the affected system to reload without user consent or awareness. Remedial measures are recommended to secure affected installations against this specific attack vector.",Cisco,Cisco TelePresence Video Communication Server (VCS) Expressway,7.1,HIGH,0.0006399999838322401,false,,false,false,false,,,false,false,,2024-02-07T16:15:36.068Z,0
CVE-2024-20254,https://securityvulnerability.io/vulnerability/CVE-2024-20254,Cisco Expressway Series and TelePresence VCS Vulnerabilities Could Lead to CSRF Attacks,"Multiple vulnerabilities have been identified in the Cisco Expressway Series and the Cisco TelePresence Video Communication Server (VCS). These vulnerabilities could allow unauthenticated remote attackers to conduct cross-site request forgery (CSRF) attacks. Such attacks enable adversaries to perform arbitrary actions on the affected devices without proper authentication. It is critical for organizations utilizing these Cisco products to review their systems and implement necessary security measures to mitigate potential exploitation. For additional details, refer to the associated Cisco security advisory.",Cisco,Cisco TelePresence Video Communication Server (VCS) Expressway,8.8,HIGH,0.0007099999929778278,false,,true,false,false,,,false,false,,2024-02-07T16:15:25.666Z,0
CVE-2024-20252,https://securityvulnerability.io/vulnerability/CVE-2024-20252,Cisco Expressway Series and TelePresence VCS Vulnerabilities Could Lead to CSRF Attacks,"Multiple vulnerabilities in Cisco's Expressway Series and TelePresence Video Communication Server (VCS) could permit unauthenticated, remote attackers to execute cross-site request forgery (CSRF) attacks. These attacks could enable malicious actors to perform arbitrary actions on affected devices without leaving any trace. The vulnerabilities impact both Expressway Control (Expressway-C) and Expressway Edge (Expressway-E) devices, as well as the Video Communication Server, posing significant risks to system integrity and user security.",Cisco,Cisco Telepresence Video Communication Server (vcs) Expressway,9.6,CRITICAL,0.0007099999929778278,false,,true,false,true,2024-07-29T21:15:07.000Z,,false,false,,2024-02-07T16:15:06.066Z,0
CVE-2023-20209,https://securityvulnerability.io/vulnerability/CVE-2023-20209,Command Injection Vulnerability in Cisco Expressway Series and TelePresence VCS,"A command injection vulnerability exists in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS). This issue arises from the insufficient validation of user-supplied input. An authenticated remote attacker with read-write privileges could exploit this vulnerability by sending a specially crafted request, potentially allowing them to execute arbitrary commands on the affected device. A successful attack may enable the attacker to gain remote shell access with elevated privileges.",Cisco,Cisco Telepresence Video Communication Server (vcs) Expressway,6.5,MEDIUM,0.0010999999940395355,false,,false,false,true,2023-09-28T15:55:22.000Z,true,false,false,,2023-08-16T21:15:00.000Z,0
CVE-2023-20192,https://securityvulnerability.io/vulnerability/CVE-2023-20192,Cisco Expressway Series and Cisco TelePresence Video Communication Server Privilege Escalation Vulnerabilities,"Multiple vulnerabilities exist in Cisco Expressway Series and TelePresence Video Communication Server that could allow an authenticated attacker with Administrator-level read-only credentials to upgrade their access to Administrator with read-write permissions. Such escalations can pose significant risks to the integrity and security of the affected systems, underscoring the importance of timely patching and user credential management.",Cisco,Cisco TelePresence Video Communication Server (VCS) Expressway,7.7,HIGH,0.0004900000058114529,false,,false,false,false,,,false,false,,2023-06-28T00:00:00.000Z,0
CVE-2023-20105,https://securityvulnerability.io/vulnerability/CVE-2023-20105,Privilege Escalation in Cisco Expressway Series and TelePresence VCS Management Interfaces,"A significant vulnerability is present in the password change functionality of Cisco Expressway Series devices and Cisco TelePresence Video Communication Server. This issue stems from improper management of password change requests, allowing authenticated users with Read-only credentials to exploit the system. By sending a specially crafted request through the web management interface, an attacker could gain the ability to alter passwords for any user account, including those with administrative privileges. This breach not only compromises user accounts but also poses the risk of impersonation of legitimate users, further endangering the system's security.",Cisco,Cisco TelePresence Video Communication Server (VCS) Expressway,6.5,MEDIUM,0.0007200000109151006,false,,false,false,false,,,false,false,,2023-06-28T00:00:00.000Z,0
CVE-2022-20813,https://securityvulnerability.io/vulnerability/CVE-2022-20813,Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities,"Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device. Note: Cisco Expressway Series refers to the Expressway Control (Expressway-C) device and the Expressway Edge (Expressway-E) device. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Telepresence Video Communication Server (vcs) Expressway,9,CRITICAL,0.00171999994199723,false,,false,false,true,2024-08-03T03:15:42.000Z,,false,false,,2022-07-06T00:00:00.000Z,0
CVE-2022-20812,https://securityvulnerability.io/vulnerability/CVE-2022-20812,Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities,"Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device. Note: Cisco Expressway Series refers to the Expressway Control (Expressway-C) device and the Expressway Edge (Expressway-E) device. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Telepresence Video Communication Server (vcs) Expressway,9,CRITICAL,0.0012199999764561653,false,,false,false,true,2024-08-03T03:15:42.000Z,,false,false,,2022-07-06T00:00:00.000Z,0
CVE-2022-20807,https://securityvulnerability.io/vulnerability/CVE-2022-20807,Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities,"Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Telepresence Video Communication Server (vcs) Expressway,4.3,MEDIUM,0.00107999995816499,false,,false,false,true,2024-08-03T03:15:42.000Z,,false,false,,2022-05-27T14:15:00.000Z,0
CVE-2022-20806,https://securityvulnerability.io/vulnerability/CVE-2022-20806,Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities,"Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Telepresence Video Communication Server (vcs) Expressway,4.3,MEDIUM,0.0010900000343099236,false,,false,false,true,2024-08-03T03:15:42.000Z,,false,false,,2022-05-27T14:15:00.000Z,0
CVE-2022-20809,https://securityvulnerability.io/vulnerability/CVE-2022-20809,Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities,"Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Telepresence Video Communication Server (vcs) Expressway,4.3,MEDIUM,0.00107999995816499,false,,false,false,true,2024-08-03T03:15:42.000Z,,false,false,,2022-05-26T14:15:00.000Z,0
CVE-2022-20755,https://securityvulnerability.io/vulnerability/CVE-2022-20755,Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities,"Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read/write privileges to the application to write files or execute arbitrary code on the underlying operating system of an affected device as the root user. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Telepresence Video Communication Server (vcs) Expressway,9,CRITICAL,0.0020200000144541264,false,,false,false,true,2024-08-03T03:15:40.000Z,,false,false,,2022-04-06T19:15:00.000Z,0
CVE-2022-20754,https://securityvulnerability.io/vulnerability/CVE-2022-20754,Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities,"Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read/write privileges to the application to write files or execute arbitrary code on the underlying operating system of an affected device as the root user. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Telepresence Video Communication Server (vcs) Expressway,9,CRITICAL,0.0020200000144541264,false,,false,false,true,2024-08-03T03:15:40.000Z,,false,false,,2022-04-06T19:15:00.000Z,0
CVE-2021-34716,https://securityvulnerability.io/vulnerability/CVE-2021-34716,Cisco Expressway Series and TelePresence Video Communication Server Remote Code Execution Vulnerability,"A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as the root user. This vulnerability is due to incorrect handling of certain crafted software images that are uploaded to the affected device. An attacker could exploit this vulnerability by authenticating to the system as an administrative user and then uploading specific crafted software images to the affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user.",Cisco,Cisco Telepresence Video Communication Server (vcs) Expressway,6.7,MEDIUM,0.0023399998899549246,false,,false,false,true,2024-08-04T02:15:21.000Z,,false,false,,2021-08-18T00:00:00.000Z,0
CVE-2021-34715,https://securityvulnerability.io/vulnerability/CVE-2021-34715,Cisco Expressway Series and TelePresence Video Communication Server Image Verification Vulnerability,"A vulnerability in the image verification function of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to execute code with internal user privileges on the underlying operating system. The vulnerability is due to insufficient validation of the content of upgrade packages. An attacker could exploit this vulnerability by uploading a malicious archive to the Upgrade page of the administrative web interface. A successful exploit could allow the attacker to execute code with user-level privileges (the _nobody account) on the underlying operating system.",Cisco,Cisco Telepresence Video Communication Server (vcs) Expressway,4.7,MEDIUM,0.0023399998899549246,false,,false,false,true,2024-08-04T02:15:21.000Z,,false,false,,2021-08-18T00:00:00.000Z,0
CVE-2020-3482,https://securityvulnerability.io/vulnerability/CVE-2020-3482,Cisco Expressway Software Unauthorized Access Information Disclosure Vulnerability,"A vulnerability in the Traversal Using Relays around NAT (TURN) server component of Cisco Expressway software could allow an unauthenticated, remote attacker to bypass security controls and send network traffic to restricted destinations. The vulnerability is due to improper validation of specific connection information by the TURN server within the affected software. An attacker could exploit this issue by sending specially crafted network traffic to the affected software. A successful exploit could allow the attacker to send traffic through the affected software to destinations beyond the application, possibly allowing the attacker to gain unauthorized network access.",Cisco,Cisco Telepresence Video Communication Server (vcs) Expressway,6.5,MEDIUM,0.001290000043809414,false,,false,false,true,2024-08-04T08:16:42.000Z,,false,false,,2020-11-18T00:00:00.000Z,0
CVE-2020-3596,https://securityvulnerability.io/vulnerability/CVE-2020-3596,Cisco Expressway Series and TelePresence Video Communication Server Denial of Service Vulnerability,"A vulnerability in the Session Initiation Protocol (SIP) of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect handling of incoming SIP traffic. An attacker could exploit this vulnerability by sending a series of SIP packets to an affected device. A successful exploit could allow the attacker to exhaust memory on an affected device, causing it to crash and leading to a DoS condition.",Cisco,Cisco Telepresence Video Communication Server (vcs) Expressway,5.9,MEDIUM,0.0015899999998509884,false,,false,false,true,2024-08-04T08:16:47.000Z,,false,false,,2020-10-08T05:15:00.000Z,0
CVE-2019-1854,https://securityvulnerability.io/vulnerability/CVE-2019-1854,Cisco Expressway Series Directory Traversal Vulnerability,"A vulnerability in the management web interface of Cisco Expressway Series could allow an authenticated, remote attacker to perform a directory traversal attack against an affected device. The vulnerability is due to insufficient input validation on the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface. A successful exploit could allow the attacker to bypass security restrictions and access the web interface of a Cisco Unified Communications Manager associated with the affected device. Valid credentials would still be required to access the Cisco Unified Communications Manager interface.",Cisco,Cisco Expressway,4.1,MEDIUM,0.004350000061094761,false,,false,false,true,2024-08-04T19:16:14.000Z,,false,false,,2019-05-03T17:29:00.000Z,0
CVE-2019-1679,https://securityvulnerability.io/vulnerability/CVE-2019-1679,"Cisco TelePresence Conductor, Cisco Expressway Series, and Cisco TelePresence Video Communication Server REST API Server-Side Request Forgery Vulnerability","A vulnerability in the web interface of Cisco TelePresence Conductor, Cisco Expressway Series, and Cisco TelePresence Video Communication Server (VCS) Software could allow an authenticated, remote attacker to trigger an HTTP request from an affected server to an arbitrary host. This type of attack is commonly referred to as server-side request forgery (SSRF). The vulnerability is due to insufficient access controls for the REST API of Cisco Expressway Series and Cisco TelePresence VCS. An attacker could exploit this vulnerability by submitting a crafted HTTP request to the affected server. Versions prior to XC4.3.4 are affected.",Cisco,"Cisco Telepresence Conductor,Cisco Expressway Series,Cisco Telepresence Video Communication Server",5,MEDIUM,0.0006399999838322401,false,,false,false,true,2024-08-04T19:16:04.000Z,,false,false,,2019-02-07T21:29:00.000Z,0
CVE-2017-12287,https://securityvulnerability.io/vulnerability/CVE-2017-12287,,"A vulnerability in the cluster database (CDB) management component of Cisco Expressway Series Software and Cisco TelePresence Video Communication Server (VCS) Software could allow an authenticated, remote attacker to cause the CDB process on an affected system to restart unexpectedly, resulting in a temporary denial of service (DoS) condition. The vulnerability is due to incomplete input validation of URL requests by the REST API of the affected software. An attacker could exploit this vulnerability by sending a crafted URL to the REST API of the affected software on an affected system. A successful exploit could allow the attacker to cause the CDB process on the affected system to restart unexpectedly, resulting in a temporary DoS condition. Cisco Bug IDs: CSCve77571.",Cisco,Cisco Expressway Series And Cisco Telepresence Video Communication Server,4.3,MEDIUM,0.0009299999801442027,false,,false,false,false,,,false,false,,2017-10-19T08:00:00.000Z,0
CVE-2017-3790,https://securityvulnerability.io/vulnerability/CVE-2017-3790,,"A vulnerability in the received packet parser of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) software could allow an unauthenticated, remote attacker to cause a reload of the affected system, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient size validation of user-supplied data. An attacker could exploit this vulnerability by sending crafted H.224 data in Real-Time Transport Protocol (RTP) packets in an H.323 call. An exploit could allow the attacker to overflow a buffer in a cache that belongs to the received packet parser, which will result in a crash of the application, resulting in a DoS condition. All versions of Cisco Expressway Series Software and Cisco TelePresence VCS Software prior to version X8.8.2 are vulnerable. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. Cisco Bug IDs: CSCus99263.",Cisco,Cisco Expressway Series Software And Cisco Telepresence Vcs Software All Versions Prior To Version X8.8.2 Are Vulnerable,8.6,HIGH,0.002369999885559082,false,,false,false,false,,,false,false,,2017-02-01T19:00:00.000Z,0