CVE-2015-4315

Cisco TelePresence Video Communication Server Expressway X8.5.3 - Authenticated XML External Entity Injection

Title source: llm
STIX 2.1

Description

The Call Policy Configuration page in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.3 improperly validates external DTDs, which allows remote authenticated users to read arbitrary files or cause a denial of service via a crafted XML document, aka Bug ID CSCuv31853.

References (3)

Core 3
Core References
Vendor Advisory vendor-advisory x_refsource_cisco
http://tools.cisco.com/security/center/viewAlert.x?alertId=40446
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/76352
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1033283

Scores

EPSS 0.0187
EPSS Percentile 76.9%

Details

CWE
CWE-20
Status published
Products (1)
cisco/telepresence_video_communication_server_software x8.5.3
Published Aug 20, 2015
Tracked Since Feb 18, 2026