Command Execution Vulnerability in Cisco TelePresence VCS Expressway
CVE-2015-4328

Currently unrated

Key Information:

Vendor: Cisco
Status: Telepresence Video Communication Server Software
Vendor: CVE Published:; 20 August 2015

Summary

The vulnerability in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 is due to improper checks of a user account's read-only attribute. This flaw permits remote authenticated users to exploit the system by executing arbitrary OS commands through specially crafted HTTP requests. An attacker can easily manipulate the Unified Communications lookup page to perform unauthorized read or write operations, potentially compromising the server's integrity.

References

http://www.securitytracker.com/id/1033329

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/76399

vdb-entryx_refsource_BID

http://tools.cisco.com/security/center/viewAlert.x?alertI...

vendor-advisoryx_refsource_CISCO

Timeline

Vulnerability published
Aug 20, 2015
Vulnerability Reserved
Jun 4, 2015