CVE-2015-4328

Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 improperly checks for a user account's read-only attribute, which allows remote authenticated users to execute arbitrary OS commands via crafted HTTP requests, as demonstrated by read or write operations on the Unified Communications lookup page, aka Bug ID CSCuv12552.
References
Link Resource
http://tools.cisco.com/security/center/viewAlert.x?alertId=40522 Vendor Advisory
http://www.securityfocus.com/bid/76399 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1033329 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.5.2:*:*:*:expressway:*:*:*

History

No history.

Information

Published : 2015-08-20 00:59

Updated : 2024-02-04 18:53


NVD link : CVE-2015-4328

Mitre link : CVE-2015-4328

CVE.ORG link : CVE-2015-4328


JSON object : View

Products Affected

cisco

  • telepresence_video_communication_server_software
CWE
CWE-20

Improper Input Validation