Improper input validation in Cisco Telepresence_video_communication_server_software

CVE-2015-6318

Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 and X8.5.2 allows local users to write to arbitrary files via an unspecified symlink attack, aka Bug ID CSCuv11969.

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.001 (26.1th percentile) — read the EPSS interpretation.

Affected products

Cisco Telepresence_video_communication_server_software — versions x8.5.1, x8.5.2
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

1033781 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
20151007 Cisco TelePresence Video Communication Server Expressway File Modification Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)