Cisco TelePresence VCS Expressway 8.5.1 / 8.5.2 request-xconfdump Symbolic Link Local File Manipulation (cisco-sa-20141007-vcs)

According to its self-reported version, the instance of Cisco TelePresence Video Communication Server VCS Expressway running on the remote host is affected by a file manipulation vulnerability in request-xconfdump due to insufficient protection of files. An authenticated, local attacker can explo...

Code injection

Cisco TelePresence Video Communication Server VCS Expressway X8.5.1 and X8.5.2 allows local users to write to arbitrary files via an unspecified symlink attack, aka Bug ID CSCuv11969...