Cisco Expressway Series
Recent Cisco Expressway Series Security Advisories
| Advisory | Title | Published |
|---|---|---|
| 2025-02-06 | Cisco Expressway Series Cross-Site Scripting Vulnerability | February 6, 2025 |
| 2024-10-03 | Cisco Expressway Series Privilege Escalation Vulnerability | October 3, 2024 |
| 2024-07-17 | Cisco Expressway Series Open Redirect Vulnerability | July 17, 2024 |
| 2024-02-08 | Cisco Expressway Series Cross-Site Request Forgery Vulnerabilities | February 8, 2024 |
| 2023-08-16 | Cisco Expressway Series and Cisco TelePresence Video Communication Server Command Injection Vulnerability | August 16, 2023 |
| 2023-06-07 | Cisco Expressway Series and Cisco TelePresence Video Communication Server Privilege Escalation Vulnerabilities | June 7, 2023 |
| 2022-10-05 | Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities | October 5, 2022 |
| 2022-07-06 | Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities | July 6, 2022 |
| 2022-05-18 | Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities | May 18, 2022 |
| 2022-03-02 | Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities | March 2, 2022 |
By the Year
In 2026 there have been 0 vulnerabilities in Cisco Expressway Series. Expressway Series did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 2 | 0.00 |
| 2018 | 1 | 7.50 |
It may take a day or so for new Expressway Series vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Cisco Expressway Series Security Vulnerabilities
CVE-2019-1722
- April 18, 2019
A vulnerability in the FindMe feature of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to follow a maliciously crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected system with the privileges of the user. The arbitrary actions include adding an attacker-controlled device and redirecting calls intended for a specific user. For more information about CSRF attacks and potential mitigations, see Understanding Cross-Site Request Forgery Threat Vectors. This vulnerability is fixed in software version X12.5.1 and later.
Session Riding
CVE-2019-1679
- February 07, 2019
A vulnerability in the web interface of Cisco TelePresence Conductor, Cisco Expressway Series, and Cisco TelePresence Video Communication Server (VCS) Software could allow an authenticated, remote attacker to trigger an HTTP request from an affected server to an arbitrary host. This type of attack is commonly referred to as server-side request forgery (SSRF). The vulnerability is due to insufficient access controls for the REST API of Cisco Expressway Series and Cisco TelePresence VCS. An attacker could exploit this vulnerability by submitting a crafted HTTP request to the affected server. Versions prior to XC4.3.4 are affected.
SSRF
CVE-2018-5390
7.5 - High
- August 06, 2018
Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.
Resource Exhaustion