CVE-2015-4328

Currently unrated

Key Information:

Vendor: Cisco
Status: Telepresence Video Communication Server Software
Vendor: CVE Published:; 20 August 2015

Summary

Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 improperly checks for a user account's read-only attribute, which allows remote authenticated users to execute arbitrary OS commands via crafted HTTP requests, as demonstrated by read or write operations on the Unified Communications lookup page, aka Bug ID CSCuv12552.

References

http://www.securitytracker.com/id/1033329

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/76399

vdb-entryx_refsource_BID

http://tools.cisco.com/security/center/viewAlert.x?alertI...

vendor-advisoryx_refsource_CISCO

Timeline

Vulnerability published
Aug 20, 2015
Vulnerability Reserved
Jun 4, 2015