Vulnerability in Cisco TelePresence Video Communication Server Affecting Call Policy Configuration
CVE-2015-4315

Currently unrated

Key Information:

Vendor: Cisco
Status: Telepresence Video Communication Server Software
Vendor: CVE Published:; 20 August 2015

Summary

The Call Policy Configuration page in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.3 has a flaw that improperly validates external Document Type Definitions (DTDs). This weakness enables remote authenticated users to exploit the system by reading arbitrary files or triggering a denial of service condition through a specially crafted XML document. Users must take precautionary steps to secure configurations and limit access to restricted functionality to mitigate potential risks.

References

http://tools.cisco.com/security/center/viewAlert.x?alertI...

vendor-advisoryx_refsource_CISCO

http://www.securityfocus.com/bid/76352

vdb-entryx_refsource_BID

http://www.securitytracker.com/id/1033283

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Aug 20, 2015
Vulnerability Reserved
Jun 4, 2015