CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2015-4328

Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 improperly checks for a user account's read-only attribute, which allows remote authenticated users to execute arbitrary OS commands via crafted HTTP requests, as demonstrated by read or write operations on the Unified Communications lookup page, aka Bug ID CSCuv12552.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 47.6%

CVSS Severity

CVSS v2 Score 4.0

References

http://tools.cisco.com/security/center/viewAlert.x?alertId=40522
http://www.securityfocus.com/bid/76399
http://www.securitytracker.com/id/1033329
http://tools.cisco.com/security/center/viewAlert.x?alertId=40522
http://www.securityfocus.com/bid/76399
http://www.securitytracker.com/id/1033329

Products affected by CVE-2015-4328

Cisco » Telepresence Video Communication Server Software » Version: x8.5.2

cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.5.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-4328

Products

Pricing

Contact Us