CVE-2016-1468

Published: Aug 8, 2016Modified: May 6, 2026

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

The administrative web interface in Cisco TelePresence Video Communication Server Expressway X8.5.2 allows remote authenticated users to execute arbitrary commands via crafted fields, aka Bug ID CSCuv12531.

Affected (1)

Products: Cisco: Telepresence Video Communication Server

Cisco

1 product

Telepresence Video Communication Server

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Telepresence Video Communication Server	Version x8.5.2

Related CWEs

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (6)

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-vcse

Source: psirt@cisco.com

Vendor Advisory

http://www.securityfocus.com/bid/92274

Source: psirt@cisco.com

http://www.securitytracker.com/id/1036529

Source: psirt@cisco.com

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-vcse

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/92274

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1036529

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.