Lucene search

[email protected]CVE-2015-0702

HistoryApr 21, 2015 - 2:59 a.m.

CVE-2015-0702

2015-04-2102:59:00

CWE-20

CWE-434

[email protected]

web.nvd.nist.gov

cve-2015-0702

cisco

meetingplace

file upload vulnerability

remote code execution

nvd

bug id cscus95712

7.5 High

AI Score

Confidence

High

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.004 Low

EPSS

Percentile

74.2%

JSON

Unrestricted file upload vulnerability in the Custom Prompts upload implementation in Cisco Unified MeetingPlace 8.6(1.9) allows remote authenticated users to execute arbitrary code by using the languageShortName parameter to upload a file that provides shell access, aka Bug ID CSCus95712.

CPENameOperatorVersion
cisco:unified_meetingplacecisco unified meetingplaceeq8.6\(1.9\)

CPE	Name	Operator	Version
cisco:unified_meetingplace	cisco unified meetingplace	eq	8.6\(1.9\)

References

tools.cisco.com/security/center/viewAlert.x?alertId=38455

www.securitytracker.com/id/1032165

7.5 High

AI Score

Confidence

High

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.004 Low

EPSS

Percentile

74.2%

JSON

Related for CVE-2015-0702

cisco1 prion1 cvelist1