CVE-2018-15430

CVE-2018-15430: Cisco Expressway Series and Cisco TelePresence Video Communication Server Remote Code Execution Vulnerability

Vendor Cisco

Product Cisco TelePresence Video Communication Server (VCS)

Weakness CWE-20 · Input validation

Published October 5, 2018

Last update November 26, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

A vulnerability in the administrative web interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to execute code with user-level privileges on the underlying operating system. The vulnerability is due to insufficient validation of the content of upgrade packages. An attacker could exploit this vulnerability by uploading a malicious archive to the Upgrade page of the administrative web interface. A successful exploit could allow the attacker to execute code with user-level privileges on the underlying operating system.

Key dates

02Disclosure timeline

October 5, 2018 CVE published

November 26, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2018-15430

Related vulnerabilities

CVE-2018-15430: Cisco Expressway Series and Cisco TelePresence Video Communication Server Remote Code Execution Vulnerability

01Description

02Disclosure timeline

03References

04Related CVE