CVE-2015-4330

A local file script in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to gain privileges for OS command execution via invalid parameters, aka Bug ID CSCuv10556.

CVSS v2.0 6.9 MEDIUM

6.9^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://tools.cisco.com/security/center/viewAlert.x?alertId=40541	Vendor Advisory
http://www.securitytracker.com/id/1033442	Third Party Advisory VDB Entry
http://tools.cisco.com/security/center/viewAlert.x?alertId=40541	Vendor Advisory
http://www.securitytracker.com/id/1033442	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.5.2:*:*:*:expressway:*:*:*

History

No history.

Information

Published : 2015-09-02 16:59

Updated : 2025-04-12 10:46

NVD link : CVE-2015-4330

Mitre link : CVE-2015-4330

CVE.ORG link : CVE-2015-4330

JSON object : View

Products Affected

cisco

telepresence_video_communication_server_software

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2015-4330", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-09-02T16:59:00.173", "references": [{"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=40541", "tags": ["Vendor Advisory"], "source": "psirt@cisco.com"}, {"url": "http://www.securitytracker.com/id/1033442", "tags": ["Third Party Advisory", "VDB Entry"], "source": "psirt@cisco.com"}, {"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=40541", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1033442", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "A local file script in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to gain privileges for OS command execution via invalid parameters, aka Bug ID CSCuv10556."}, {"lang": "es", "value": "Vulnerabilidad en un archivo de script local en Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2, permite a usuarios locales obtener privilegios para la ejecuci\u00f3n de comandos del sistema operativo a trav\u00e9s de par\u00e1metros no v\u00e1lidos, tambi\u00e9n conocida como Bug ID CSCuv10556."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.5.2:*:*:*:expressway:*:*:*", "vulnerable": true, "matchCriteriaId": "E549E37F-3D1A-490B-8BEE-482D082486EA"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@cisco.com"}