Cisco TelePresence Video Communication Server Expressway File Modification Vulnerability
cisco-sa-20151007-vcs · Medium · Published · Updated
A vulnerability in the symbolic link operation of the Cisco TelePresence Video Communication Server (VCS) Expressway could allow an authenticated, local attacker to perform a symbolic link attack on the affected system. The vulnerability is due to insufficient protection of files. An attacker could exploit this vulnerability by creating a malicious symbolic link to a location not otherwise accessible to the attacker. An exploit could allow the attacker to insert unauthorized content in the linked-to file. Cisco has released software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are not available. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151007-vcs