Описание
A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read-write privileges on the application to perform a command injection attack that could result in remote code execution on an affected device.
This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to establish a remote shell with root privileges.
Уязвимые конфигурации
Одно из
EPSS
6.5 Medium
CVSS3
7.2 High
CVSS3
Дефекты
Связанные уязвимости
A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read-write privileges on the application to perform a command injection attack that could result in remote code execution on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to establish a remote shell with root privileges.
Уязвимость веб-интерфейса управления устройств управления конференц-связью Cisco Expressway Series и Cisco Telepresence VCS, позволяющая нарушителю выполнить произвольный код
EPSS
6.5 Medium
CVSS3
7.2 High
CVSS3