CVE-2015-4329
 
Severity Score
6.5
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The administrator web interface in Cisco TelePresence Video Communication Server (VCS) X8.5.2 allows remote authenticated users to execute arbitrary OS commands via crafted HTTP requests, aka Bug ID CSCuv11796.
Vulnerabilidad en la interfaz web de administrador en Cisco TelePresence Video Communication Server (VCS) X8.5.2, permite a usuarios remotos autenticados ejecutar comandos arbitrarios del sistema operativo a través de solicitudes HTTP manipuladas, también conocida como Bug ID CSCuv11796.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2015-06-04 CVE Reserved
- 2015-08-20 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/76395 | Third Party Advisory | |
http://www.securitytracker.com/id/1033329 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://tools.cisco.com/security/center/viewAlert.x?alertId=40523 | 2017-01-04 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Cisco Search vendor "Cisco" | Telepresence Video Communication Server Software Search vendor "Cisco" for product "Telepresence Video Communication Server Software" | x8.5.2 Search vendor "Cisco" for product "Telepresence Video Communication Server Software" and version "x8.5.2" | - |
Affected
|