Command Injection Vulnerability in Cisco TelePresence Video Communication Server
CVE-2015-4303

Currently unrated

Key Information:

Vendor: Cisco
Status: Telepresence Video Communication Server Software
Vendor: CVE Published:; 20 August 2015

Summary

A command injection vulnerability exists in Cisco TelePresence Video Communication Server (VCS) version X8.5.2, which allows remote authenticated users to execute arbitrary commands as the 'nobody' user. This issue arises from an exploit in an unspecified web-page parameter. Successful exploitation could lead to unauthorized access and potential compromise of system integrity, making it critical for users to apply necessary security updates and follow vendor guidance.

References

http://tools.cisco.com/security/center/viewAlert.x?alertI...

vendor-advisoryx_refsource_CISCO

http://www.securityfocus.com/bid/76322

vdb-entryx_refsource_BID

http://www.securitytracker.com/id/1033268

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Aug 20, 2015
Vulnerability Reserved
Jun 4, 2015