Command Execution Vulnerability in Cisco TelePresence Video Communication Server
CVE-2015-4330

Currently unrated

Key Information:

Vendor: Cisco
Status: Telepresence Video Communication Server Software
Vendor: CVE Published:; 2 September 2015

Summary

A vulnerability in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to execute arbitrary operating system commands by exploiting the local file script functionality using invalid parameters. This security issue, identified as Bug ID CSCuv10556, could lead to unauthorized privilege escalation, granting attackers the ability to manipulate the system and potentially lead to further exploitation.

References

http://www.securitytracker.com/id/1033442

vdb-entryx_refsource_SECTRACK

http://tools.cisco.com/security/center/viewAlert.x?alertI...

vendor-advisoryx_refsource_CISCO

Timeline

Vulnerability published
Sep 2, 2015
Vulnerability Reserved
Jun 4, 2015