CVE-2015-4330

Published: Sep 2, 2015Modified: May 6, 2026

6.9

Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 3.4 / Impact: 10.0

Source: NVD

Description

A local file script in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to gain privileges for OS command execution via invalid parameters, aka Bug ID CSCuv10556.

Affected (1)

Products: Cisco: Telepresence Video Communication Server Software

Cisco

1 product

Telepresence Video Communication Server Software

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Telepresence Video Communication Server Software	Version x8.5.2

Related CWEs

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (4)

http://tools.cisco.com/security/center/viewAlert.x?alertId=40541

Source: psirt@cisco.com

Vendor Advisory

http://www.securitytracker.com/id/1033442

Source: psirt@cisco.com

Third Party AdvisoryVDB Entry

http://tools.cisco.com/security/center/viewAlert.x?alertId=40541

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securitytracker.com/id/1033442

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.