Description
Unrestricted file upload vulnerability in the Custom Prompts upload implementation in Cisco Unified MeetingPlace 8.6(1.9) allows remote authenticated users to execute arbitrary code by using the languageShortName parameter to upload a file that provides shell access, aka Bug ID CSCus95712.
References (2)
Core 2
Core References
Vendor Advisory vendor-advisory
x_refsource_cisco
http://tools.cisco.com/security/center/viewAlert.x?alertId=38455
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1032165
Scores
EPSS
0.0127
EPSS Percentile
79.6%
Details
CWE
CWE-20
CWE-434
Status
published
Products (1)
cisco/unified_meetingplace
8.6\(1.9\)
Published
Apr 21, 2015
Tracked Since
Feb 18, 2026