CVE-2015-4329

CWE-20 — Improper Input Validation CWE-78 — OS Command Injection4 documents4 sources

Severity

6.5MEDIUM

EPSS

0.5%

top 35.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Telepresence Video Communication Server Software

Timeline

PublishedAug 20

Latest updateMay 17

Description

The administrator web interface in Cisco TelePresence Video Communication Server (VCS) X8.5.2 allows remote authenticated users to execute arbitrary OS commands via crafted HTTP requests, aka Bug ID CSCuv11796.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages1 packages

▶NVDcisco/telepresence_video_communicationx8.5.2

🔴Vulnerability Details

GHSA

GHSA-r242-56ch-cmv2: The administrator web interface in Cisco TelePresence Video Communication Server (VCS) X8↗2022-05-17

▶

CVEList

CVE-2015-4329: The administrator web interface in Cisco TelePresence Video Communication Server (VCS) X8↗2015-08-20

▶

📋Vendor Advisories

Cisco

Cisco TelePresence Video Communication Server Expressway Command Injection Vulnerability↗2015-08-18

▶