CVE-2015-4320

CWE-200 — Information Exposure4 documents4 sources

Severity

4.0MEDIUM

EPSS

0.2%

top 58.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Telepresence Video Communication Server Software

Timeline

PublishedAug 20

Latest updateMay 17

Description

The Configuration Log File component in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote authenticated users to obtain sensitive information by reading a log file, aka Bug ID CSCuv12340.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages1 packages

▶NVDcisco/telepresence_video_communicationx8.5.2

🔴Vulnerability Details

GHSA

GHSA-4642-8q68-7rgp: The Configuration Log File component in Cisco TelePresence Video Communication Server (VCS) Expressway X8↗2022-05-17

▶

CVEList

CVE-2015-4320: The Configuration Log File component in Cisco TelePresence Video Communication Server (VCS) Expressway X8↗2015-08-20

▶

📋Vendor Advisories

Cisco

Cisco TelePresence Video Communication Server Expressway Information Disclosure Vulnerability↗2015-08-13

▶