U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/a:cisco:telepresence_tc_software:7.3.0
There are 6 matching records.
Displaying matches 1 through 6.
Vuln ID Summary CVSS Severity
CVE-2017-6648

A vulnerability in the Session Initiation Protocol (SIP) of the Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause a TelePresence endpoint to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of flow-control mechanisms within the software. An attacker could exploit this vulnerability by sending a flood of SIP INVITE packets to the affected device. An exploit could allow the attacker to impact the availability of services and data of the device, including a complete DoS condition. This vulnerability affects the following Cisco TC and CE platforms when running software versions prior to TC 7.3.8 and CE 8.3.0. Cisco Bug IDs: CSCux94002.

Published: June 08, 2017; 9:29:00 AM -0400 		V3.0: 7.5 HIGH
 V2.0: 7.8 HIGH
CVE-2016-6459

Cisco TelePresence endpoints running either CE or TC software contain a vulnerability that could allow an authenticated, local attacker to execute a local shell command injection. More Information: CSCvb25010. Known Affected Releases: 8.1.x. Known Fixed Releases: 6.3.4 7.3.7 8.2.2 8.3.0.

Published: November 18, 2016; 10:03:02 PM -0500 		V3.0: 5.5 MEDIUM
 V2.0: 4.9 MEDIUM
CVE-2016-1387

The XML API in TelePresence Codec (TC) 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, and 7.3.5 and Collaboration Endpoint (CE) 8.0.0, 8.0.1, and 8.1.0 in Cisco TelePresence Software mishandles authentication, which allows remote attackers to execute control commands or make configuration changes via an API request, aka Bug ID CSCuz26935.

Published: May 05, 2016; 5:59:04 PM -0400 		V3.0: 9.8 CRITICAL
 V2.0: 9.0 HIGH
CVE-2015-4271

Cisco TelePresence TC before 7.3.4 on Integrator C devices allows remote attackers to bypass authentication via vectors involving multiple request parameters, aka Bug ID CSCuv00604.

Published: July 15, 2015; 2:59:00 PM -0400 		V3.x:(not available)
 V2.0: 6.4 MEDIUM
CVE-2015-0770

CRLF injection vulnerability in Cisco TelePresence TC 6.x before 6.3.4 and 7.x before 7.3.3 on Integrator C SX20 devices allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL, aka Bug ID CSCut79341.

Published: June 07, 2015; 2:59:05 PM -0400 		V3.x:(not available)
 V2.0: 5.0 MEDIUM
CVE-2015-0722

The network drivers in Cisco TelePresence T, Cisco TelePresence TE, and Cisco TelePresence TC before 7.3.2 allow remote attackers to cause a denial of service (process restart or device reload) via a flood of crafted IP packets, aka Bug ID CSCuj68952.

Published: May 24, 2015; 8:59:02 PM -0400 		V3.x:(not available)
 V2.0: 7.8 HIGH