Vulnerability in Cisco TelePresence Video Communication Server Affecting Call Policy Configuration
CVE-2015-4315

Currently unrated

Key Information:

Vendor

Cisco
Status
Telepresence Video Communication Server Software
Vendor
CVE Published:
20 August 2015

What is CVE-2015-4315?

The Call Policy Configuration page in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.3 has a flaw that improperly validates external Document Type Definitions (DTDs). This weakness enables remote authenticated users to exploit the system by reading arbitrary files or triggering a denial of service condition through a specially crafted XML document. Users must take precautionary steps to secure configurations and limit access to restricted functionality to mitigate potential risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://tools.cisco.com/security/center/viewAlert.x?alertI...
vendor-advisoryx_refsource_CISCO
http://www.securityfocus.com/bid/76352
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1033283
vdb-entryx_refsource_SECTRACK

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.