CVE-2015-0702

Cisco Unified Meetingplace - Improper Input Validation

Title source: rule

Description

Unrestricted file upload vulnerability in the Custom Prompts upload implementation in Cisco Unified MeetingPlace 8.6(1.9) allows remote authenticated users to execute arbitrary code by using the languageShortName parameter to upload a file that provides shell access, aka Bug ID CSCus95712.

References (2)

[Vendor Advisory] http://tools.cisco.com/security/center/viewAlert.x?alertId=38455

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1032165

Scores

EPSS 0.0127

EPSS Percentile 79.2%

Classification

CWE

CWE-434 CWE-20

Status draft

Affected Products (1)

cisco/unified_meetingplace

Timeline

Published Apr 21, 2015

Tracked Since Feb 18, 2026