CVE-2015-4303

CWE-264CWE-78OS Command Injection4 documents4 sources
Severity
6.5MEDIUM
EPSS
0.6%
top 31.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Telepresence Video Communication Server Software
Timeline
PublishedAug 20
Latest updateMay 17

Description

Cisco TelePresence Video Communication Server (VCS) X8.5.2 allows remote authenticated users to execute arbitrary commands in the context of the nobody user account via an unspecified web-page parameter, aka Bug ID CSCuv12333.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-52gm-mw2g-p3w8: Cisco TelePresence Video Communication Server (VCS) X82022-05-17
CVEList
CVE-2015-4303: Cisco TelePresence Video Communication Server (VCS) X82015-08-20

📋Vendor Advisories

1
Cisco
Cisco TelePresence Video Communication Server Command Injection Vulnerability2015-08-12
CVE-2015-4303 (MEDIUM CVSS 6.5) | Cisco TelePresence Video Communicat | cvebase.io