Command Injection Vulnerability in Cisco TelePresence Video Communication Server
CVE-2015-4329

Currently unrated

Key Information:

Vendor: Cisco
Status: Telepresence Video Communication Server Software
Vendor: CVE Published:; 20 August 2015

Summary

The web interface of Cisco TelePresence Video Communication Server (VCS) version X8.5.2 is susceptible to command injection. Remote authenticated users can exploit this vulnerability to execute arbitrary operating system commands by sending specially crafted HTTP requests. This flaw has been identified as Bug ID CSCuv11796, highlighting the risk of unauthorized access and potential system compromise.

References

http://www.securityfocus.com/bid/76395

vdb-entryx_refsource_BID

http://www.securitytracker.com/id/1033329

vdb-entryx_refsource_SECTRACK

http://tools.cisco.com/security/center/viewAlert.x?alertI...

vendor-advisoryx_refsource_CISCO

Timeline

Vulnerability published
Aug 20, 2015
Vulnerability Reserved
Jun 4, 2015