SecurityTracker.com
Category: Device (Multimedia) > Cisco TelePresence
Vendors: Cisco
Cisco TelePresence VCS Expressway Flaw Lets Remote Authenticated Users Execute Arbitrary Commands on the Target System
SecurityTracker Alert ID: 1033329
SecurityTracker URL: http://securitytracker.com/id/1033329
CVE Reference: CVE-2015-4328, CVE-2015-4329
Date: Aug 19 2015
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): VCS Expressway X8.5.2
Description:   Two vulnerabilities were reported in Cisco TelePresence VCS Expressway. A remote authenticated user can execute arbitrary commands on the target system.

A remote authenticated user can send specially crafted HTTP requests that trigger an input validation flaw in the administrator web interface and execute arbitrary commands on the underlying operating system.

The vendor has assigned bug IDs CSCuv11796 [CVE-2015-4329] and CSCuv12552 [CVE-2015-4328] to these vulnerabilities.

Impact:   A remote authenticated user can execute arbitrary operating system commands on the target system.
Solution:   The vendor has issued a fix.

The vendor's advisories are available at:

http://tools.cisco.com/security/center/viewAlert.x?alertId=40522
http://tools.cisco.com/security/center/viewAlert.x?alertId=40523

Vendor URL: tools.cisco.com/security/center/viewAlert.x?alertId=40522
Cause:   Configuration error, Input validation error

Message History:   None.

