RSS   Vulnerabilities for 'Telepresence management suite'   RSS

2021-10-21
 
CVE-2021-34760

CWE-79
 

 
A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious data in a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

 
2020-03-04
 
CVE-2020-3185

CWE-79
 

 
A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious data in a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web-based management interface or access sensitive, browser-based information.

 
2019-02-07
 
CVE-2019-1661

CWE-79
 

 
A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information.

 
 
CVE-2019-1660

CWE-264
 

 
A vulnerability in the Simple Object Access Protocol (SOAP) of Cisco TelePresence Management Suite (TMS) software could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to a lack of proper access and authentication controls on the affected TMS software. An attacker could exploit this vulnerability by gaining access to internal, trusted networks to send crafted SOAP calls to the affected device. If successful, an exploit could allow the attacker to access system management tools. Under normal circumstances, this access should be prohibited.

 
2019-01-11
 
CVE-2018-15467

CWE-79
 

 
A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information.

 
2015-02-17
 
CVE-2015-0620

 

 
The XML parser in Cisco TelePresence Management Suite (TMS) 14.3(.2) and earlier does not properly handle external entities, which allows remote authenticated users to cause a denial of service via POST requests, aka Bug ID CSCus51494.

 
2013-05-01
 
CVE-2013-1229

CWE-20
 

 
TMSSNMPService.exe in TelePresence Manager in Cisco TelePresence Management Suite (TMS) on 64-bit platforms allows remote attackers to cause a denial of service (process crash) via SNMP traps, aka Bug ID CSCue00028.

 

 >>> Vendor: Cisco 1880 Products
IOS
Pix firewall
Router
Cisco 7xx routers
Catalyst 12xx supervisor software
Catalyst 29xx supervisor software
Catalyst 5xxx supervisor software
Ciscosecure
675 router
Cache engine
Resource manager
Pix private link
Catalyst 2900 vlan
Catos
Accesspath
As5200
As5300
As5800
System controller 3640
3660 router
7100 router
7200 router
7500 router
Ubr7200
Voice gateway as5800
Router 2500
Router 2600
Router 3600
Router 4000
Router 7200
Router 7500
Tacacs+
Secure desktop
Gigabit switch router 12008
Gigabit switch router 12012
Gigabit switch router 12016
Catalyst 3500 xl
Virtual central office 4000
Secure access control server
Arrowpoint
Content services switch
Cisco 6xx routers
Broadband operating system
Catalyst 4000
Catalyst 5000
Catalyst 6000
Aironet
Aironet ap340
Pix firewall 515
Pix firewall 520
Content services switch 11050
Content services switch 11150
Content services switch 11800
Vpn 3000 concentrator
Vpn 3005 concentrator
Vpn 3015 concentrator
Vpn 3030 concentator
Vpn 3060 concentrator
Vpn 3080 concentrator
CBOS
Aironet 340
Catalyst 2900
Content services switch 11000
Catalyst 6000 intrusion detection system module
Secure intrusion detection system
HSRP
6400 nrp 2
Tftp server
12000 router
Catalyst 2900xl
Catalyst 2948g-l3
Catalyst 2950
Catalyst 3500xl
Catalyst 3550
Catalyst 4908g-l3
Catalyst 8500
Distributed director
Sn 5420 storage router
Pix firewall manager
ICDN
Ubr920
Ubr924
Ubr925
Call manager
Aironet ap350
Ata-186
Content distribution manager 4630
Content distribution manager 4650
Content engine
Cache engine 505
Cache engine 550
Cache engine 570
Content router 4430
Webns
Vpn 500 concentrator
Iscsi driver
Vpn client
Voip phone cp-7940
Voip phone cp-7910
Voip phone cp-7960
See all Products for Vendor Cisco


Copyright 2024, cxsecurity.com

 

Back to Top