ID

VAR-201508-0494


CVE

CVE-2015-4327


TITLE

Root privilege vulnerability in the CLI of Cisco TelePresence Video Communication Server Expressway

Trust: 0.8

sources: JVNDB: JVNDB-2015-004349

DESCRIPTION

The CLI in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to obtain root privileges by writing script arguments to an unspecified file, aka Bug ID CSCuv12542. Successful exploits will allow an attacker to execute arbitrary code in the context of the application. Failed exploit attempts will likely result in a denial-of-service condition. This issue is tracked by Cisco Bug ID CSCuv12542. The vulnerability is caused by the program not properly validating the input content in the local file.

Trust: 1.98

sources: NVD: CVE-2015-4327 // JVNDB: JVNDB-2015-004349 // BID: 76408 // VULHUB: VHN-82288

AFFECTED PRODUCTS

vendor: cisco, model: telepresence video communication server software, scope: eq, version: x8.5.2

Trust: 1.6

vendor: cisco, model: telepresence video communication server software, scope: eq, version: x8.5.2 (vcs expressway)

Trust: 0.8

vendor: cisco, model: telepresence video communication server expressway, scope: eq, version: x8.5.2

Trust: 0.3

sources: BID: 76408 // JVNDB: JVNDB-2015-004349 // CNNVD: CNNVD-201508-435 // NVD: CVE-2015-4327

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-4327
value: HIGH

Trust: 1.0

NVD: CVE-2015-4327
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201508-435
value: HIGH

Trust: 0.6

VULHUB: VHN-82288
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-4327
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-82288
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-82288 // JVNDB: JVNDB-2015-004349 // CNNVD: CNNVD-201508-435 // NVD: CVE-2015-4327

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-82288 // JVNDB: JVNDB-2015-004349 // NVD: CVE-2015-4327

THREAT TYPE

local

Trust: 0.9

sources: BID: 76408 // CNNVD: CNNVD-201508-435

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201508-435

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004349

PATCH

title: 40518, url: http://tools.cisco.com/security/center/viewAlert.x?alertId=40518

Trust: 0.8

sources: JVNDB: JVNDB-2015-004349

EXTERNAL IDS

db: NVD, id: CVE-2015-4327

Trust: 2.8

db: BID, id: 76408

Trust: 1.4

db: SECTRACK, id: 1033332

Trust: 1.1

db: JVNDB, id: JVNDB-2015-004349

Trust: 0.8

db: CNNVD, id: CNNVD-201508-435

Trust: 0.7

db: VULHUB, id: VHN-82288

Trust: 0.1

sources: VULHUB: VHN-82288 // BID: 76408 // JVNDB: JVNDB-2015-004349 // CNNVD: CNNVD-201508-435 // NVD: CVE-2015-4327

REFERENCES

url:http://tools.cisco.com/security/center/viewalert.x?alertid=40518

Trust: 2.0

url:http://www.securityfocus.com/bid/76408

Trust: 1.1

url:http://www.securitytracker.com/id/1033332

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4327

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4327

Trust: 0.8

url:http://www.cisco.com

Trust: 0.3

sources: VULHUB: VHN-82288 // BID: 76408 // JVNDB: JVNDB-2015-004349 // CNNVD: CNNVD-201508-435 // NVD: CVE-2015-4327

CREDITS

Cisco

Trust: 0.3

sources: BID: 76408

SOURCES

db: VULHUB, id: VHN-82288
db: BID, id: 76408
db: JVNDB, id: JVNDB-2015-004349
db: CNNVD, id: CNNVD-201508-435
db: NVD, id: CVE-2015-4327

LAST UPDATE DATE

2024-11-23T23:05:38.371000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-82288, date: 2017-01-04T00:00:00
db: BID, id: 76408, date: 2015-08-18T00:00:00
db: JVNDB, id: JVNDB-2015-004349, date: 2015-08-25T00:00:00
db: CNNVD, id: CNNVD-201508-435, date: 2015-08-20T00:00:00
db: NVD, id: CVE-2015-4327, date: 2024-11-21T02:30:50.357

SOURCES RELEASE DATE

db: VULHUB, id: VHN-82288, date: 2015-08-20T00:00:00
db: BID, id: 76408, date: 2015-08-18T00:00:00
db: JVNDB, id: JVNDB-2015-004349, date: 2015-08-25T00:00:00
db: CNNVD, id: CNNVD-201508-435, date: 2015-08-20T00:00:00
db: NVD, id: CVE-2015-4327, date: 2015-08-20T00:59:04.967