Improper input validation in Cisco Telepresence_video_communication_server_software

CVE-2015-4327

The CLI in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to obtain root privileges by writing script arguments to an unspecified file, aka Bug ID CSCuv12542.

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.001 (30.8th percentile) — read the EPSS interpretation.

Affected products

Cisco Telepresence_video_communication_server_software — versions x8.5.2
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

76408 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
20150818 Cisco TelePresence Video Communication Server Expressway Arbitrary File Injection Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
1033332 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)