Cisco Expressway Series
Recent Cisco Expressway Series Security Advisories
| Advisory | Title | Published |
|---|---|---|
| 2024-02-08 | Cisco Expressway Series Cross-Site Request Forgery Vulnerabilities | February 8, 2024 |
| 2023-08-16 | Cisco Expressway Series and Cisco TelePresence Video Communication Server Command Injection Vulnerability | August 16, 2023 |
| 2023-06-07 | Cisco Expressway Series and Cisco TelePresence Video Communication Server Privilege Escalation Vulnerabilities | June 7, 2023 |
| 2022-10-05 | Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities | October 5, 2022 |
| 2022-07-06 | Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities | July 6, 2022 |
| 2022-05-18 | Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities | May 18, 2022 |
| 2022-03-02 | Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities | March 2, 2022 |
| 2021-08-18 | Cisco Expressway Series and TelePresence Video Communication Server Image Verification Vulnerability | August 18, 2021 |
| 2021-08-18 | Cisco Expressway Series and TelePresence Video Communication Server Remote Code Execution Vulnerability | August 18, 2021 |
By the Year
In 2024 there have been 0 vulnerabilities in Cisco Expressway Series . Expressway Series did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 1 | 6.50 |
| 2018 | 1 | 7.50 |
It may take a day or so for new Expressway Series vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Cisco Expressway Series Security Vulnerabilities
A vulnerability in the FindMe feature of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could
CVE-2019-1722
6.5 - Medium
- April 18, 2019
A vulnerability in the FindMe feature of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to follow a maliciously crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected system with the privileges of the user. The arbitrary actions include adding an attacker-controlled device and redirecting calls intended for a specific user. For more information about CSRF attacks and potential mitigations, see Understanding Cross-Site Request Forgery Threat Vectors. This vulnerability is fixed in software version X12.5.1 and later.
Session Riding
Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet
CVE-2018-5390
7.5 - High
- August 06, 2018
Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.
Resource Exhaustion
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Red Hat Enterprise Linux Workstation or by Cisco? Click the Watch button to subscribe.
