CVE-2015-4330

Cisco TelePresence Video Communication Server Expressway X8.5.2 - OS Command Injection via Invalid Parameters

Title source: llm
STIX 2.1

Description

A local file script in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to gain privileges for OS command execution via invalid parameters, aka Bug ID CSCuv10556.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1033442
Vendor Advisory vendor-advisory x_refsource_cisco
http://tools.cisco.com/security/center/viewAlert.x?alertId=40541

Scores

EPSS 0.0054
EPSS Percentile 41.4%

Details

CWE
CWE-78
Status published
Products (1)
cisco/telepresence_video_communication_server_software x8.5.2
Published Sep 02, 2015
Tracked Since Feb 18, 2026