Arbitrary File Injection in Cisco TelePresence Video Communication Server by Local Users
CVE-2015-4327

Currently unrated

Key Information:

Vendor: Cisco
Status: Telepresence Video Communication Server Software
Vendor: CVE Published:; 20 August 2015

Summary

An arbitrary file injection vulnerability exists in the CLI of Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2. This flaw allows local users to gain root privileges by manipulating script arguments to write to an unspecified file, potentially leading to unauthorized access and control of the server. The vulnerability is identified by Bug ID CSCuv12542 and poses a significant security risk to affected systems. Users are advised to take immediate actions, such as applying patches and reviewing access controls.

References

http://www.securityfocus.com/bid/76408

vdb-entryx_refsource_BID

http://tools.cisco.com/security/center/viewAlert.x?alertI...

vendor-advisoryx_refsource_CISCO

http://www.securitytracker.com/id/1033332

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Aug 20, 2015
Vulnerability Reserved
Jun 4, 2015