Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Cisco Expressway Series and Cisco TelePresence Video Communication Server Remote Code Execution Vulnerability

cisco-sa-20181003-express-vcs-rce · Medium · Published · Updated

A vulnerability in the administrative web interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to execute code with user-level privileges on the underlying operating system. The vulnerability is due to insufficient validation of the content of upgrade packages. An attacker could exploit this vulnerability by uploading a malicious archive to the Upgrade page of the administrative web interface. A successful exploit could allow the attacker to execute code with user-level privileges on the underlying operating system. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-express-vcs-rce

Cisco advisory · CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEsCVE-2018-15430
Cisco Bug IDsCSCvi50935
CVSS ScoreBase 4.7
Base 4.7 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:X
Product Names From Source
Cisco TelePresence Video Communication Server (VCS), Cisco Expressway

Related Products

Product CVE Evidence
Cisco TelePresence Video Communication Server (VCS) CVE-2018-15430 Cisco OpenVuln
Cisco TelePresence CVE-2018-15430 Cisco OpenVuln
Cisco Expressway CVE-2018-15430 Cisco OpenVuln