Cisco TelePresence VCS Expressway Flaw Lets Remote Authenticated Users Execute Arbitrary Commands on the Target System : 8/19/2015 5:58:07 PM
This set of templates helps you define your app feature roadmap, now and over time. From our sponsors |
| Vulnerability Databse |
| This module replaces the description field of a feed to the page it links to (in addition, it wipes out the content:encoded field), so you can get its full text. |
Cisco TelePresence VCS Expressway Flaw Lets Remote Authenticated Users Execute Arbitrary Commands on the Target System
8/19/2015 12:00:00 AM
| Cisco TelePresence VCS Expressway Flaw Lets Remote Authenticated Users Execute Arbitrary Commands on the Target System |
| SecurityTracker Alert ID: 1033329 |
| SecurityTracker URL: http://securitytracker.com/id/1033329 |
| CVE Reference: CVE-2015-4328, CVE-2015-4329 (Links to External Site) |
| Date: Aug 19 2015 |
| Impact: Execution of arbitrary code via network, User access via network |
| Fix Available: Yes Vendor Confirmed: Yes |
| Version(s): VCS Expressway X8.5.2 |
| Description: Two vulnerabilities were reported in Cisco TelePresence VCS Expressway. A remote authenticated user can execute arbitrary commands on the target system. A remote authenticated user can send specially crafted HTTP requests to trigger an input validation flaw in the administrator web interface to execute arbitrary commands on the underlying operating system. The vendor has assigned bug IDs CSCuv11796 [CVE-2015-4329] and CSCuv12552 [CVE-2015-4328] to these vulnerabilities. |
| Impact: A remote authenticated user can execute arbitrary operating system commands on the target system. |
| Solution: The vendor has issued a fix. The vendor's advisories are available at: http://tools.cisco.com/security/center/viewAlert.x?alertId=40522 http://tools.cisco.com/security/center/viewAlert.x?alertId=40523 |
| Vendor URL: tools.cisco.com/security/center/viewAlert.x?alertId=40522 (Links to External Site) |
| Cause: Configuration error, Input validation error |
| Underlying OS: |
| |
| Message History: None. |
You are receiving this email because you subscribed to this feed at feedmyinbox.com
If you no longer wish to receive these emails, you can unsubscribe from this feed, or manage all your subscriptions
Diberdayakan oleh Blogger.