Command Execution Vulnerability in Cisco TelePresence VCS Expressway
CVE-2015-4328

Currently unrated

Key Information:

Vendor

Cisco
Status
Telepresence Video Communication Server Software
Vendor
CVE Published:
20 August 2015

What is CVE-2015-4328?

The vulnerability in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 is due to improper checks of a user account's read-only attribute. This flaw permits remote authenticated users to exploit the system by executing arbitrary OS commands through specially crafted HTTP requests. An attacker can easily manipulate the Unified Communications lookup page to perform unauthorized read or write operations, potentially compromising the server's integrity.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.securitytracker.com/id/1033329
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/76399
vdb-entryx_refsource_BID
http://tools.cisco.com/security/center/viewAlert.x?alertI...
vendor-advisoryx_refsource_CISCO

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.