Vulnerability in Cisco Telepresence_video_communication_server_software

CVE-2015-4303

Cisco TelePresence Video Communication Server (VCS) X8.5.2 allows remote authenticated users to execute arbitrary commands in the context of the nobody user account via an unspecified web-page parameter, aka Bug ID CSCuv12333.

EPSS: 0.006 (69.1th percentile) — read the EPSS interpretation.

Affected products

Cisco Telepresence_video_communication_server_software — versions x8.5.2
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

20150812 Cisco TelePresence Video Communication Server Command Injection Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
76322 (vdb-entry, x_refsource_BID)
1033268 (vdb-entry, x_refsource_SECTRACK)