First published: Fri Oct 05 2018
A vulnerability in the administrative web interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to execute code with user-level privileges on the underlying operating system. The vulnerability is due to insufficient validation of the content of upgrade packages. An attacker could exploit this vulnerability by uploading a malicious archive to the Upgrade page of the administrative web interface. A successful exploit could allow the attacker to execute code with user-level privileges on the underlying operating system.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco TelePresence Video Communication Server | =x7.2.4 | |
Cisco TelePresence Video Communication Server | =x8.9.2 | |
Cisco TelePresence Video Communication Server | =x8.10.4 | |
CVE-2018-15430 is a vulnerability in the administrative web interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) that could allow an authenticated, remote attacker to execute code with user-level privileges on the underlying operating system.
CVE-2018-15430 has a severity rating of 7.2 out of 10, which is considered high.
CVE-2018-15430 affects Cisco TelePresence Video Communication Server versions x7.2.4, x8.9.2, and x8.10.4.
An authenticated attacker can exploit CVE-2018-15430 by uploading a malicious archive to the Upgrade page of the administrative web interface, which results in code execution with user-level privileges on the underlying operating system.
Cisco has released security advisories recommending updates and patches to address CVE-2018-15430. Please refer to the official Cisco Security Advisory for more information.