Lucene search

[email protected]CVE-2015-4330

HistorySep 02, 2015 - 4:59 p.m.

CVE-2015-4330

2015-09-0216:59:00

CWE-78

[email protected]

web.nvd.nist.gov

cisco

telepresence

video communication server

vcs

expressway

bug id

cscuv10556

cve-2015-4330

security vulnerability

os command execution

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

7 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.2%

JSON

A local file script in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to gain privileges for OS command execution via invalid parameters, aka Bug ID CSCuv10556.

Affected configurations

NVD

Node

ciscotelepresence_video_communication_server_softwareMatchx8.5.2expressway

CPENameOperatorVersion
cisco:telepresence_video_communication_server_softwarecisco telepresence video communication server softwareeqx8.5.2

CPE	Name	Operator	Version
cisco:telepresence_video_communication_server_software	cisco telepresence video communication server software	eq	x8.5.2

References

tools.cisco.com/security/center/viewAlert.x?alertId=40541

www.securitytracker.com/id/1033442

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

7 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2015-4330

cvelist1 cisco1 prion1 nvd1