CVE-2015-4327

CWE-20 — Improper Input Validation4 documents4 sources

Severity

7.2HIGH

EPSS

0.1%

top 68.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Telepresence Video Communication Server Software

Timeline

PublishedAug 20

Latest updateMay 17

Description

The CLI in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to obtain root privileges by writing script arguments to an unspecified file, aka Bug ID CSCuv12542.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

▶NVDcisco/telepresence_video_communicationx8.5.2

🔴Vulnerability Details

GHSA

GHSA-h92v-j4j5-v87x: The CLI in Cisco TelePresence Video Communication Server (VCS) Expressway X8↗2022-05-17

▶

CVEList

CVE-2015-4327: The CLI in Cisco TelePresence Video Communication Server (VCS) Expressway X8↗2015-08-20

▶

📋Vendor Advisories

Cisco

Cisco TelePresence Video Communication Server Expressway Arbitrary File Injection Vulnerability↗2015-08-18

▶