CVE-2015-0702Improper Input Validation in Cisco Unified Meetingplace

CWE-20Improper Input ValidationCWE-434Unrestricted File Upload4 documents4 sources
Severity
9.0CRITICALNVD
EPSS
1.3%
top 20.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Unified Meetingplace
Timeline
PublishedApr 21
Latest updateMay 17

Description

Unrestricted file upload vulnerability in the Custom Prompts upload implementation in Cisco Unified MeetingPlace 8.6(1.9) allows remote authenticated users to execute arbitrary code by using the languageShortName parameter to upload a file that provides shell access, aka Bug ID CSCus95712.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 8.0 | Impact: 10.0

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-rmw7-97r7-cgc9: Unrestricted file upload vulnerability in the Custom Prompts upload implementation in Cisco Unified MeetingPlace 82022-05-17
CVEList
CVE-2015-0702: Unrestricted file upload vulnerability in the Custom Prompts upload implementation in Cisco Unified MeetingPlace 82015-04-21

📋Vendor Advisories

1
Cisco
Cisco Unified MeetingPlace Custom Prompts languageShortName Parameter Arbitrary Code Execution Vulnerability2015-04-20
CVE-2015-0702 — Improper Input Validation in Cisco | cvebase