Cisco: >> Telepresence Video Communication Server Software >> x8.5.2 Security Vulnerabilities
Cisco TelePresence Video Communication Server (VCS) X8.5.2 allows remote authenticated users to execute arbitrary commands in the context of the nobody user account via an unspecified web-page parameter, aka Bug ID CSCuv12333.
CVSS Score
6.5
EPSS Score
0.006
Published
2015-08-20
Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 improperly checks for a user account's read-only attribute, which allows remote authenticated users to execute arbitrary OS commands via crafted HTTP requests, as demonstrated by read or write operations on the Unified Communications lookup page, aka Bug ID CSCuv12552.
CVSS Score
4.0
EPSS Score
0.002
Published
2015-08-20
The CLI in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to obtain root privileges by writing script arguments to an unspecified file, aka Bug ID CSCuv12542.
CVSS Score
7.2
EPSS Score
0.001
Published
2015-08-20
The Configuration Log File component in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote authenticated users to obtain sensitive information by reading a log file, aka Bug ID CSCuv12340.
CVSS Score
4.0
EPSS Score
0.002
Published
2015-08-20
Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote attackers to cause a denial of service via invalid variables in an authentication packet, aka Bug ID CSCuv40469.
CVSS Score
5.0
EPSS Score
0.008
Published
2015-08-20
Page 2