CVE-2015-4328

General

Score: 4.0/10.0
Severity: Low
Category: Input Validation Error
Exploit: Available

Impact Metrics

Confidentiality: None
Integrity: Partial
Availability: None

Exploitability Metrics

Access Vector: Network
Access Complexity: Low
Authentication: Single

Published on 20/08/15 - Updated on 04/01/17

Description

Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 improperly checks for a user account's read-only attribute, which allows remote authenticated users to execute arbitrary OS commands via crafted HTTP requests, as demonstrated by read or write operations on the Unified Communications lookup page, aka Bug ID CSCuv12552.

Category: Input Validation Error

CWE-20 (Input Validation)
The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.

Security Notices

US National Vulnerability Database: CVE-2015-4328

Exploits

SecurityFocus: BID-76399

Related technologies

Vendor: cisco
Product: telepresence_video_communication_server_software
