ID

VAR-201508-0495


CVE

CVE-2015-4328


TITLE

Arbitrary OS command execution vulnerability in Cisco TelePresence Video Communication Server Expressway

Trust: 0.8

sources: JVNDB: JVNDB-2015-004350

DESCRIPTION

Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 improperly checks for a user account's read-only attribute, which allows remote authenticated users to execute arbitrary OS commands via crafted HTTP requests, as demonstrated by read or write operations on the Unified Communications lookup page, aka Bug ID CSCuv12552. The vendor has confirmed this vulnerability and released it as Bug ID CSCuv12552. A remote authenticated user may execute arbitrary OS commands via a crafted HTTP request. Successfully exploiting this issue may allow an attacker to execute arbitrary commands on the underlying operating system of the affected device. This issue is being tracked by Cisco Bug ID CSCuv12552. There is a security vulnerability in Cisco TelePresence VCS Expressway X8.5.2. The vulnerability is caused by the fact that the program does not correctly check the read-only attribute of the user account.

Trust: 1.98

sources: NVD: CVE-2015-4328 // JVNDB: JVNDB-2015-004350 // BID: 76399 // VULHUB: VHN-82289

AFFECTED PRODUCTS

vendor: cisco, model: telepresence video communication server software, scope: eq, version: x8.5.2

Trust: 1.6

vendor: cisco, model: telepresence video communication server software, scope: eq, version: x8.5.2 (vcs expressway)

Trust: 0.8

sources: JVNDB: JVNDB-2015-004350 // CNNVD: CNNVD-201508-436 // NVD: CVE-2015-4328

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-4328
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-4328
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201508-436
value: MEDIUM

Trust: 0.6

VULHUB: VHN-82289
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-4328
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-82289
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-82289 // JVNDB: JVNDB-2015-004350 // CNNVD: CNNVD-201508-436 // NVD: CVE-2015-4328

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-82289 // JVNDB: JVNDB-2015-004350 // NVD: CVE-2015-4328

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201508-436

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201508-436

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004350

PATCH

title: 40522, url: http://tools.cisco.com/security/center/viewAlert.x?alertId=40522

Trust: 0.8

sources: JVNDB: JVNDB-2015-004350

EXTERNAL IDS

db: NVD, id: CVE-2015-4328

Trust: 2.8

db: BID, id: 76399

Trust: 1.4

db: SECTRACK, id: 1033329

Trust: 1.1

db: JVNDB, id: JVNDB-2015-004350

Trust: 0.8

db: CNNVD, id: CNNVD-201508-436

Trust: 0.7

db: VULHUB, id: VHN-82289

Trust: 0.1

sources: VULHUB: VHN-82289 // BID: 76399 // JVNDB: JVNDB-2015-004350 // CNNVD: CNNVD-201508-436 // NVD: CVE-2015-4328

REFERENCES

url:http://tools.cisco.com/security/center/viewalert.x?alertid=40522

Trust: 2.0

url:http://www.securityfocus.com/bid/76399

Trust: 1.1

url:http://www.securitytracker.com/id/1033329

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4328

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4328

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-82289 // BID: 76399 // JVNDB: JVNDB-2015-004350 // CNNVD: CNNVD-201508-436 // NVD: CVE-2015-4328

CREDITS

Cisco

Trust: 0.3

sources: BID: 76399

SOURCES

db: VULHUB, id: VHN-82289
db: BID, id: 76399
db: JVNDB, id: JVNDB-2015-004350
db: CNNVD, id: CNNVD-201508-436
db: NVD, id: CVE-2015-4328

LAST UPDATE DATE

2024-11-23T22:56:24.504000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-82289, date: 2017-01-04T00:00:00
db: BID, id: 76399, date: 2015-08-18T00:00:00
db: JVNDB, id: JVNDB-2015-004350, date: 2015-08-25T00:00:00
db: CNNVD, id: CNNVD-201508-436, date: 2015-08-20T00:00:00
db: NVD, id: CVE-2015-4328, date: 2024-11-21T02:30:50.470

SOURCES RELEASE DATE

db: VULHUB, id: VHN-82289, date: 2015-08-20T00:00:00
db: BID, id: 76399, date: 2015-08-18T00:00:00
db: JVNDB, id: JVNDB-2015-004350, date: 2015-08-25T00:00:00
db: CNNVD, id: CNNVD-201508-436, date: 2015-08-20T00:00:00
db: NVD, id: CVE-2015-4328, date: 2015-08-20T00:59:06.060