// For flags

CVE-2015-4315

 

Severity Score

5.5
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The Call Policy Configuration page in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.3 improperly validates external DTDs, which allows remote authenticated users to read arbitrary files or cause a denial of service via a crafted XML document, aka Bug ID CSCuv31853.

Vulnerabilidad en la página Call Policy Configuration en Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.3, no valida correctamente las DTDs externas, lo cual permite a usuarios remotos autenticados leer archivos de forma arbitraria o causar una denegación de servicio a través de un documento XML manipulado, también conocido como Bug ID CSCuv31853.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Partial
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2015-06-04 CVE Reserved
  • 2015-08-20 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cisco
Search vendor "Cisco"
 Telepresence Video Communication Server Software
Search vendor "Cisco" for product "Telepresence Video Communication Server Software"
 x8.5.3
Search vendor "Cisco" for product "Telepresence Video Communication Server Software" and version "x8.5.3"
expressway
Affected