Sign-up

ID

VAR-201508-0480


CVE

CVE-2015-4303


TITLE

Cisco TelePresence Video Communication Server In nobody An arbitrary command execution vulnerability in the context of a user account

Trust: 0.8

sources: JVNDB: JVNDB-2015-004341

DESCRIPTION

Cisco TelePresence Video Communication Server (VCS) X8.5.2 allows remote authenticated users to execute arbitrary commands in the context of the nobody user account via an unspecified web-page parameter, aka Bug ID CSCuv12333. Successfully exploiting this issue may allow an attacker to execute arbitrary commands in the context of the affected device. This issue is being tracked by Cisco Bug ID CSCuv12333

Trust: 1.98

sources: NVD: CVE-2015-4303 // JVNDB: JVNDB-2015-004341 // BID: 76322 // VULHUB: VHN-82264

AFFECTED PRODUCTS

vendor:ciscomodel:telepresence video communication server softwarescope:eqversion:x8.5.2

Trust: 2.4

sources: JVNDB: JVNDB-2015-004341 // CNNVD: CNNVD-201508-391 // NVD: CVE-2015-4303

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-4303
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-4303
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201508-391
value: MEDIUM

Trust: 0.6

VULHUB: VHN-82264
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-4303
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-82264
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-82264 // JVNDB: JVNDB-2015-004341 // CNNVD: CNNVD-201508-391 // NVD: CVE-2015-4303

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-82264 // JVNDB: JVNDB-2015-004341 // NVD: CVE-2015-4303

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201508-391

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201508-391

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-004341

PATCH
title:40433url:http://tools.cisco.com/security/center/viewAlert.x?alertId=40433
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-004341

EXTERNAL IDS
db:NVDid:CVE-2015-4303
Trust: 2.8
db:BIDid:76322
Trust: 2.0
db:SECTRACKid:1033268
Trust: 1.1
db:JVNDBid:JVNDB-2015-004341
Trust: 0.8
db:CNNVDid:CNNVD-201508-391
Trust: 0.7
db:VULHUBid:VHN-82264
Trust: 0.1
sources:
            
            
            VULHUB: VHN-82264 // 
            
            
            
            BID: 76322 // 
            
            
            
            JVNDB: JVNDB-2015-004341 // 
            
            
            
            CNNVD: CNNVD-201508-391 // 
            
            
            
            NVD: CVE-2015-4303

REFERENCES
url:http://tools.cisco.com/security/center/viewalert.x?alertid=40433
Trust: 2.0
url:http://www.securityfocus.com/bid/76322
Trust: 1.7
url:http://www.securitytracker.com/id/1033268
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4303
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4303
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-82264 // 
            
            
            
            BID: 76322 // 
            
            
            
            JVNDB: JVNDB-2015-004341 // 
            
            
            
            CNNVD: CNNVD-201508-391 // 
            
            
            
            NVD: CVE-2015-4303

CREDITS
Cisco
Trust: 0.9
sources:
            
            
            BID: 76322 // 
            
            
            
            CNNVD: CNNVD-201508-391

SOURCES
db:VULHUBid:VHN-82264
db:BIDid:76322
db:JVNDBid:JVNDB-2015-004341
db:CNNVDid:CNNVD-201508-391
db:NVDid:CVE-2015-4303

LAST UPDATE DATE
2024-11-23T22:13:24.091000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-82264date:2017-09-21T00:00:00
db:BIDid:76322date:2015-11-03T19:03:00
db:JVNDBid:JVNDB-2015-004341date:2015-08-25T00:00:00
db:CNNVDid:CNNVD-201508-391date:2015-08-21T00:00:00
db:NVDid:CVE-2015-4303date:2024-11-21T02:30:48.117

SOURCES RELEASE DATE
db:VULHUBid:VHN-82264date:2015-08-20T00:00:00
db:BIDid:76322date:2015-08-12T00:00:00
db:JVNDBid:JVNDB-2015-004341date:2015-08-25T00:00:00
db:CNNVDid:CNNVD-201508-391date:2015-08-18T00:00:00
db:NVDid:CVE-2015-4303date:2015-08-20T10:59:06.763