Vulnerability Details : CVE-2015-4315
The Call Policy Configuration page in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.3 improperly validates external DTDs, which allows remote authenticated users to read arbitrary files or cause a denial of service via a crafted XML document, aka Bug ID CSCuv31853.
Vulnerability category: Input validation, Denial of service
Products affected by CVE-2015-4315
- cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.5.3:*:*:*:expressway:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-4315
- EPSS score: 0.23% (probability of exploitation activity in the next 30 days)
- Percentile: ~60% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2015-4315
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:P | 8.0 | 4.9 | NIST | |
CWE ids for CVE-2015-4315
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-4315
- http://www.securitytracker.com/id/1033283
  Cisco TelePresence Video Communication Server Expressway External DTD Flaw Lets Remote Users Read Files and Deny Service - SecurityTracker
- http://tools.cisco.com/security/center/viewAlert.x?alertId=40446
  Cisco Telepresence Video Communication Server Expressway Call Policy Configuration Page Denial of Service Vulnerability (Vendor Advisory)
- http://www.securityfocus.com/bid/76352
  Cisco TelePresence Video Communication Server Expressway Denial of Service Vulnerability