PT-2015-1963 · Cisco · Cisco TelePresence Video Communication Server

Published: 2015-08-20 · Updated: 2017-01-04 · CVE-2015-4328

CVSS v2.0: 4.0 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Cisco TelePresence Video Communication Server version X8.5.2

Description: The issue exists due to insufficient input validation in the software. It allows a remote attacker to execute arbitrary OS commands using a specially crafted HTTP request. The flaw lies in improper checking of a user account's read-only attribute, which lets remote authenticated users perform read or write operations on the Unified Communications lookup page that a read-only account should not be permitted to perform.

Recommendations: For version X8.5.2, restrict access to the Unified Communications lookup page until a patch is available. As a temporary workaround, limit the exposure to arbitrary OS command execution by restricting which clients and accounts can send HTTP requests to this page.

Fix: RCE


Weakness Enumeration

Related Identifiers
- BDU:2015-11309
- CVE-2015-4328

Affected Products
- Cisco TelePresence Video Communication Server