QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2018-15430

Back to search

CVE-2018-15430

Published: Oct 5, 2018

Modified: Nov 26, 2024

PUBLISHED

Description

A vulnerability in the administrative web interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to execute code with user-level privileges on the underlying operating system. The vulnerability is due to insufficient validation of the content of upgrade packages. An attacker could exploit this vulnerability by uploading a malicious archive to the Upgrade page of the administrative web interface. A successful exploit could allow the attacker to execute code with user-level privileges on the underlying operating system.

VendorProductVersions

Cisco

Cisco TelePresence Video Communication Server (VCS)

affected
n/a

Weaknesses (CWE)

CWE-20

References

1041784
vdb-entry
x_refsource_SECTRACK

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now