Privilege Escalation in Cisco TelePresence Video Communication Server by Cisco
CVE-2015-4325

Currently unrated

Key Information:

Vendor: Cisco
Status: Telepresence Video Communication Server Software
Vendor: CVE Published:; 12 October 2015

Summary

A vulnerability exists in the process-management mechanism of Cisco's TelePresence Video Communication Server (VCS) Expressway X8.5.2 that allows local users to escalate their privileges. By terminating a supervised process known as 'firestarter.py' and subsequently triggering its restart using root privileges, an attacker can gain unauthorized access, leading to potential compromises within the system. This loophole poses significant security risks if not addressed.

References

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

http://www.securitytracker.com/id/1033751

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Oct 12, 2015
Vulnerability Reserved
Jun 4, 2015