PT-2021-5153 · Cisco · Cisco Expressway Series+1
Hermes Bojaxhi
+1
·
Published
2021-08-18
·
Updated
2021-08-25
·
CVE-2021-34716
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) (affected versions not specified)
Description
A vulnerability in the web-based management interface could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as the root user. This issue is due to incorrect handling of certain crafted software images that are uploaded to the affected device. An attacker could exploit this vulnerability by authenticating to the system as an administrative user and then uploading specific crafted software images to the affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Improper Handling of Exceptional Conditions
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Cisco Expressway Series
Cisco Telepresence Video Communication Server