CVE-2015-4315

Name of the Vulnerable Software and Affected Versions Cisco TelePresence Video Communication Server versions prior to a fixed version

Description The issue exists due to insufficient input validation on the Call Policy Configuration page of the Cisco TelePresence Video Communication Server. This allows a remote attacker to read arbitrary files or cause a denial of service by using a specially crafted XML document. The vulnerability can be exploited by remote authenticated users.

Recommendations For Cisco TelePresence Video Communication Server versions prior to the fixed version, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the Call Policy Configuration page until a patch is available.