RCE in Cisco Telepresence_video_communication_server_software

CVE-2015-4330

A local file script in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to gain privileges for OS command execution via invalid parameters, aka Bug ID CSCuv10556.

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.002 (42.6th percentile) — read the EPSS interpretation.

Affected products

Cisco Telepresence_video_communication_server_software — versions x8.5.2
N/a — versions n/a

Weakness classification (CWE)

CWE-78 — OS Command Injection

References

1033442 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
20150901 Cisco TelePresence Video Communication Server Expressway Command Injection Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)