- CVEs with nessus.description==According to its self-reported version, the Cisco TelePresence Video
Communication Server (VCS) / Expressway running on the remote host is
8.x prior to 8.8. It is, therefore, affected by multiple
vulnerabilities:
- A security feature bypass vulnerability exists, known as
Bar Mitzvah, due to improper combination of state data
with key data by the RC4 cipher algorithm during the
initialization phase. A man-in-the-middle attacker can
exploit this, via a brute-force attack using LSB values,
to decrypt the traffic. (CVE-2015-2808)
- A flaw exists in the web framework of TelePresence Video
Communication Server (VCS) Expressway due to missing
authorization checks on certain administrative pages. An
authenticated, remote attacker can exploit this to
bypass read-only restrictions and install Tandberg Linux
Packages (TLPs) without proper authorization.
(CVE-2015-6413)
- A flaw exists in certificate management and validation
for the Mobile and Remote Access (MRA) component due to
improper input validation of a trusted certificate. An
unauthenticated, remote attacker can exploit this, using
a trusted certificate, to bypass authentication and gain
access to internal HTTP system resources.
(CVE-2016-1444)
- A heap buffer overflow condition exists in the
EVP_EncodeUpdate() function within file
crypto/evp/encode.c that is triggered when handling
a large amount of input data. An unauthenticated, remote
attacker can exploit this to cause a denial of service
condition. (CVE-2016-2105)
- A heap buffer overflow condition exists in the
EVP_EncryptUpdate() function within file
crypto/evp/evp_enc.c that is triggered when handling a
large amount of input data after a previous call occurs
to the same function with a partial block. An
unauthenticated, remote attacker can exploit this to
cause a denial of service condition. (CVE-2016-2106)
- Multiple flaws exist in the aesni_cbc_hmac_sha1_cipher()
function in file crypto/evp/e_aes_cbc_hmac_sha1.c and
the aesni_cbc_hmac_sha256_cipher() function in file
crypto/evp/e_aes_cbc_hmac_sha256.c that are triggered
when the connection uses an AES-CBC cipher and AES-NI
is supported by the server. A man-in-the-middle attacker
can exploit these to conduct a padding oracle attack,
resulting in the ability to decrypt the network traffic.
(CVE-2016-2107)
- A remote code execution vulnerability exists in the
ASN.1 encoder due to an underflow condition that occurs
when attempting to encode the value zero represented as
a negative integer. An unauthenticated, remote attacker
can exploit this to corrupt memory, resulting in the
execution of arbitrary code. (CVE-2016-2108)
- Multiple unspecified flaws exist in the d2i BIO
functions when reading ASN.1 data from a BIO due to
invalid encoding causing a large allocation of memory.
An unauthenticated, remote attacker can exploit these to
cause a denial of service condition through resource
exhaustion. (CVE-2016-2109)
- An out-of-bounds read error exists in the
X509_NAME_oneline() function within file
crypto/x509/x509_obj.c when handling very long ASN.1
strings. An unauthenticated, remote attacker can exploit
this to disclose the contents of stack memory.
(CVE-2016-2176)
- An information disclosure vulnerability exists in the
file system permissions due to certain files having
overly permissive permissions. An unauthenticated, local
attacker can exploit this to disclose sensitive
information. (Cisco bug ID CSCuw55636)
Note that Cisco bug ID CSCuw55636 and CVE-2015-6413 only affect
versions 8.6.x prior to 8.8.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |