Vulnerability Details CVE-2018-15430
A vulnerability in the administrative web interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to execute code with user-level privileges on the underlying operating system. The vulnerability is due to insufficient validation of the content of upgrade packages. An attacker could exploit this vulnerability by uploading a malicious archive to the Upgrade page of the administrative web interface. A successful exploit could allow the attacker to execute code with user-level privileges on the underlying operating system.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.016
EPSS Ranking 80.9%
CVSS Severity
CVSS v3 Score 7.2
CVSS v2 Score 6.5
References
Products affected by CVE-2018-15430
-
cpe:2.3:a:cisco:telepresence_video_communication_server:x7.2.4
-
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.4
-
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.9.2