exploitDog

GHSA-565h-f96p-rpm8

Опубликовано: 17 мая 2022

Источник: github

Github: Не прошло ревью

Описание

Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 improperly checks for a user account's read-only attribute, which allows remote authenticated users to execute arbitrary OS commands via crafted HTTP requests, as demonstrated by read or write operations on the Unified Communications lookup page, aka Bug ID CSCuv12552.

Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 improperly checks for a user account's read-only attribute, which allows remote authenticated users to execute arbitrary OS commands via crafted HTTP requests, as demonstrated by read or write operations on the Unified Communications lookup page, aka Bug ID CSCuv12552.

Ссылки

EPSS

Процентиль: 47%

0.00243

Низкий

CVE ID

Дефекты

CWE-20

Связанные уязвимости

CVE-2015-4328

nvd

больше 10 лет назад

Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 improperly checks for a user account's read-only attribute, which allows remote authenticated users to execute arbitrary OS commands via crafted HTTP requests, as demonstrated by read or write operations on the Unified Communications lookup page, aka Bug ID CSCuv12552.

BDU:2015-11309

fstec

больше 10 лет назад

Уязвимость микропрограммного обеспечения устройства управления вызовами Cisco TelePresence Video Communication Server, позволяющая нарушителю выполнять произвольные команды операционной системы

EPSS

Процентиль: 47%

0.00243

Низкий

CVE ID

Дефекты

CWE-20