Sign-up

ID

VAR-201508-0496


CVE

CVE-2015-4329


TITLE

Cisco TelePresence Video Communication Server For administrators Web Any in the interface OS Command execution vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-004351

DESCRIPTION

The administrator web interface in Cisco TelePresence Video Communication Server (VCS) X8.5.2 allows remote authenticated users to execute arbitrary OS commands via crafted HTTP requests, aka Bug ID CSCuv11796. Successfully exploiting this issue may allow an attacker to execute arbitrary operating system commands and gain elevated privileges on the affected device. This issue is being tracked by Cisco Bug ID CSCuv11796

Trust: 1.98

sources: NVD: CVE-2015-4329 // JVNDB: JVNDB-2015-004351 // BID: 76395 // VULHUB: VHN-82290

AFFECTED PRODUCTS

vendor:ciscomodel:telepresence video communication server softwarescope:eqversion:x8.5.2

Trust: 1.6

vendor:ciscomodel:telepresence video communication server softwarescope:eqversion:x8.5.2 (vcs expressway)

Trust: 0.8

sources: JVNDB: JVNDB-2015-004351 // CNNVD: CNNVD-201508-446 // NVD: CVE-2015-4329

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-4329
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-4329
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201508-446
value: MEDIUM

Trust: 0.6

VULHUB: VHN-82290
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-4329
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-82290
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-82290 // JVNDB: JVNDB-2015-004351 // CNNVD: CNNVD-201508-446 // NVD: CVE-2015-4329

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-82290 // JVNDB: JVNDB-2015-004351 // NVD: CVE-2015-4329

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201508-446

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201508-446

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-004351

PATCH
title:40523url:http://tools.cisco.com/security/center/viewAlert.x?alertId=40523
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-004351

EXTERNAL IDS
db:NVDid:CVE-2015-4329
Trust: 2.8
db:BIDid:76395
Trust: 2.0
db:SECTRACKid:1033329
Trust: 1.1
db:JVNDBid:JVNDB-2015-004351
Trust: 0.8
db:CNNVDid:CNNVD-201508-446
Trust: 0.7
db:VULHUBid:VHN-82290
Trust: 0.1
sources:
            
            
            VULHUB: VHN-82290 // 
            
            
            
            BID: 76395 // 
            
            
            
            JVNDB: JVNDB-2015-004351 // 
            
            
            
            CNNVD: CNNVD-201508-446 // 
            
            
            
            NVD: CVE-2015-4329

REFERENCES
url:http://www.securityfocus.com/bid/76395
Trust: 1.7
url:http://tools.cisco.com/security/center/viewalert.x?alertid=40523
Trust: 1.7
url:http://www.securitytracker.com/id/1033329
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4329
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4329
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-82290 // 
            
            
            
            BID: 76395 // 
            
            
            
            JVNDB: JVNDB-2015-004351 // 
            
            
            
            CNNVD: CNNVD-201508-446 // 
            
            
            
            NVD: CVE-2015-4329

CREDITS
Cisco
Trust: 0.9
sources:
            
            
            BID: 76395 // 
            
            
            
            CNNVD: CNNVD-201508-446

SOURCES
db:VULHUBid:VHN-82290
db:BIDid:76395
db:JVNDBid:JVNDB-2015-004351
db:CNNVDid:CNNVD-201508-446
db:NVDid:CVE-2015-4329

LAST UPDATE DATE
2024-11-23T22:56:24.534000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-82290date:2017-01-04T00:00:00
db:BIDid:76395date:2015-08-18T00:00:00
db:JVNDBid:JVNDB-2015-004351date:2015-08-25T00:00:00
db:CNNVDid:CNNVD-201508-446date:2015-08-21T00:00:00
db:NVDid:CVE-2015-4329date:2024-11-21T02:30:50.587

SOURCES RELEASE DATE
db:VULHUBid:VHN-82290date:2015-08-20T00:00:00
db:BIDid:76395date:2015-08-18T00:00:00
db:JVNDBid:JVNDB-2015-004351date:2015-08-25T00:00:00
db:CNNVDid:CNNVD-201508-446date:2015-08-20T00:00:00
db:NVDid:CVE-2015-4329date:2015-08-20T10:59:10.903