Improper input validation in Cisco Telepresence_video_communication_server_software
CVE-2015-4329
The administrator web interface in Cisco TelePresence Video Communication Server (VCS) X8.5.2 allows remote authenticated users to execute arbitrary OS commands via crafted HTTP requests, aka Bug ID CSCuv11796.
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.005 (64.6th percentile) — read the EPSS interpretation.
Affected products
- Cisco Telepresence_video_communication_server_software — versions x8.5.2
- N/a — versions n/a
Weakness classification (CWE)
References
- 76395 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
- 1033329 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
- 20150818 Cisco TelePresence Video Communication Server Expressway Command Injection Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)