Search Results (Refine Search)
- Keyword (text search): cpe:2.3:a:cisco:meeting_server:2.4.6:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-20255 |
A vulnerability in an API of the Web Bridge feature of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP packets to an affected device. A successful exploit could allow the attacker to cause a partial availability condition, which could cause ongoing video calls to be dropped due to the invalid packets reaching the Web Bridge. Published: November 01, 2023; 2:15:09 PM -0400 |
V4.0:(not available) V3.1: 5.3 MEDIUM V2.0:(not available) |
CVE-2021-40122 |
A vulnerability in an API of the Call Bridge feature of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper handling of large series of message requests. An attacker could exploit this vulnerability by sending a series of messages to the vulnerable API. A successful exploit could allow the attacker to cause the affected device to reload, dropping all ongoing calls and resulting in a DoS condition. Published: October 20, 2021; 11:15:07 PM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2020-3197 |
A vulnerability in the API subsystem of Cisco Meetings App could allow an unauthenticated, remote attacker to retain and reuse the Traversal Using Relay NAT (TURN) server credentials that are configured in an affected system. The vulnerability is due to insufficient protection mechanisms for the TURN server credentials. An attacker could exploit this vulnerability by intercepting the legitimate traffic that is generated by an affected system. An exploit could allow the attacker to obtain the TURN server credentials, which the attacker could use to place audio/video calls and forward packets through the configured TURN server. The attacker would not be able to take control of the TURN server unless the same credentials were used in multiple systems. Published: July 16, 2020; 2:15:17 PM -0400 |
V4.0:(not available) V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2020-3160 |
A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) feature of Cisco Meeting Server software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition for users of XMPP conferencing applications. Other applications and processes are unaffected. The vulnerability is due to improper input validation of XMPP packets. An attacker could exploit this vulnerability by sending crafted XMPP packets to an affected device. An exploit could allow the attacker to cause process crashes and a DoS condition for XMPP conferencing applications. Published: February 19, 2020; 3:15:15 PM -0500 |
V4.0:(not available) V3.1: 5.3 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-12264 |
A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient bound checks performed by the affected software. An attacker could exploit this vulnerability by sending a malicious HTTP packet to the affected system. A successful exploit could allow the attacker to cause a reload of the Web Admin Server. Cisco Bug IDs: CSCve89149. Published: October 05, 2017; 3:29:00 AM -0400 |
V4.0:(not available) V3.0: 5.3 MEDIUM V2.0: 5.0 MEDIUM |