PT-2015-1961 · Cisco · Cisco Telepresence Video Communication Server (Vcs) Expressway

Publicado

2015-08-20

Atualizado

2017-09-21

CVE-2015-4320

CVSS v2.0

4.0

Média

Vetor

AV:N/AC:L/Au:S/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Cisco TelePresence Video Communication Server (VCS) Expressway version X8.5.2

Description The issue concerns the Configuration Log File component, which lacks protection of sensitive data. This allows a remote authenticated user to obtain sensitive information by reading a log file.

Recommendations For version X8.5.2, consider restricting access to the log file to prevent unauthorized reading of sensitive information until a fix is available.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

BDU:2015-11307

CVE-2015-4320

Produtos afetados

Cisco Telepresence Video Communication Server (Vcs) Expressway

PT-2015-1961 · Cisco · Cisco Telepresence Video Communication Server (Vcs) Expressway

CVE-2015-4320

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5