CISCO : Cisco Telepresence Video Communication Server Expressway Call Policy Configuration Page Denial of Service Vulnerability (Cisco-SA-20150813-CVE-2015-4315)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.105333

Categoría: CISCO

Título: Cisco Telepresence Video Communication Server Expressway Call Policy Configuration Page Denial of Service Vulnerability (Cisco-SA-20150813-CVE-2015-4315)

Resumen: A vulnerability in the Call Policy Configuration page of the; Cisco TelePresence Video Communication Server (VCS) Expressway could allow an authenticated,; remote attacker to cause a denial of service (DoS) condition or read arbitrary files on an; affected system.

Descripción: Summary:
A vulnerability in the Call Policy Configuration page of the
Cisco TelePresence Video Communication Server (VCS) Expressway could allow an authenticated,
remote attacker to cause a denial of service (DoS) condition or read arbitrary files on an
affected system.

Vulnerability Insight:
The vulnerability is due to insufficient validation of declared
document type definitions (DTD) stored externally. An attacker could exploit this vulnerability
by supplying a specially crafted XML file to the targeted system.

Vulnerability Impact:
An exploit could allow the attacker to launch a denial of
service attack or read arbitrary files.

Affected Software/OS:
Cisco TelePresence Video Communication Server Expressway
version X8.5.3.

Solution:
No known solution was made available for at least one year
since the disclosure of this vulnerability. Likely none will be provided anymore. General
solution options are to upgrade to a newer release, disable respective features, remove the
product or replace the product by another one.

CVSS Score:
5.5

CVSS Vector:
AV:N/AC:L/Au:S/C:P/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2015-4315
BugTraq ID: 76352
http://www.securityfocus.com/bid/76352
Cisco Security Advisory: 20150813 Cisco Telepresence Video Communication Server Expressway Call Policy Configuration Page Denial of Service Vulnerability
http://tools.cisco.com/security/center/viewAlert.x?alertId=40446
http://www.securitytracker.com/id/1033283

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.105333
Categoría:	CISCO
Título:	Cisco Telepresence Video Communication Server Expressway Call Policy Configuration Page Denial of Service Vulnerability (Cisco-SA-20150813-CVE-2015-4315)
Resumen:	A vulnerability in the Call Policy Configuration page of the; Cisco TelePresence Video Communication Server (VCS) Expressway could allow an authenticated,; remote attacker to cause a denial of service (DoS) condition or read arbitrary files on an; affected system.
Descripción:	Summary: A vulnerability in the Call Policy Configuration page of the Cisco TelePresence Video Communication Server (VCS) Expressway could allow an authenticated, remote attacker to cause a denial of service (DoS) condition or read arbitrary files on an affected system. Vulnerability Insight: The vulnerability is due to insufficient validation of declared document type definitions (DTD) stored externally. An attacker could exploit this vulnerability by supplying a specially crafted XML file to the targeted system. Vulnerability Impact: An exploit could allow the attacker to launch a denial of service attack or read arbitrary files. Affected Software/OS: Cisco TelePresence Video Communication Server Expressway version X8.5.3. Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 5.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-4315 BugTraq ID: 76352 http://www.securityfocus.com/bid/76352 Cisco Security Advisory: 20150813 Cisco Telepresence Video Communication Server Expressway Call Policy Configuration Page Denial of Service Vulnerability http://tools.cisco.com/security/center/viewAlert.x?alertId=40446 http://www.securitytracker.com/id/1033283
Copyright	Copyright (C) 2015 Greenbone AG