Input validation

2015-08-2000:59:00

PRIOn knowledge base

www.prio-n.com

7.7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

34.1%

JSON

Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 improperly checks for a user account’s read-only attribute, which allows remote authenticated users to execute arbitrary OS commands via crafted HTTP requests, as demonstrated by read or write operations on the Unified Communications lookup page, aka Bug ID CSCuv12552.

CPENameOperatorVersion
telepresence_video_communication_server_softwareeq8.5.2120

CPE	Name	Operator	Version
	telepresence_video_communication_server_software	eq	8.5.2120

References

tools.cisco.com/security/center/viewAlert.x?alertId=40522

www.securityfocus.com/bid/76399

www.securitytracker.com/id/1033329