Arbitrary Code Execution Vulnerability in Cisco Unified MeetingPlace
CVE-2015-0702

Currently unrated

Key Information:

Vendor: Cisco
Status: Unified Meetingplace
Vendor: CVE Published:; 21 April 2015

Summary

The vulnerability in Cisco Unified MeetingPlace arises from unrestricted file upload capabilities in the Custom Prompts upload feature. This flaw allows remote authenticated users to exploit the languageShortName parameter, permitting the upload of malicious files that can execute arbitrary code on the server. This can lead to unauthorized access and control over the affected system, posing significant security risks.

References

http://tools.cisco.com/security/center/viewAlert.x?alertI...

vendor-advisoryx_refsource_CISCO

http://www.securitytracker.com/id/1032165

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Apr 21, 2015
Vulnerability Reserved
Jan 7, 2015