CVE-2015-6318

CWE-20 — Improper Input Validation4 documents4 sources

Severity

6.9MEDIUM

EPSS

0.1%

top 73.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Telepresence Video Communication Server Software

Timeline

PublishedOct 12

Latest updateMay 17

Description

Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 and X8.5.2 allows local users to write to arbitrary files via an unspecified symlink attack, aka Bug ID CSCuv11969.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages1 packages

▶NVDcisco/telepresence_video_communicationx8.5.1, x8.5.2+1

🔴Vulnerability Details

GHSA

GHSA-c4f9-xqxp-hcrv: Cisco TelePresence Video Communication Server (VCS) Expressway X8↗2022-05-17

▶

CVEList

CVE-2015-6318: Cisco TelePresence Video Communication Server (VCS) Expressway X8↗2015-10-12

▶

📋Vendor Advisories

Cisco

Cisco TelePresence Video Communication Server Expressway File Modification Vulnerability↗2015-10-07

▶