Test ID:	1.3.6.1.4.1.25623.1.0.106168
Category:	CISCO
Title:	Cisco TelePresence Video Communication Server Expressway Command Injection Vulnerability (cisco-sa-20160803-vcse)
Summary:	A vulnerability in the administrative web interface of Cisco; TelePresence Video Communication Server Expressway could allow an authenticated, remote attacker; to execute arbitrary commands on the affected system.
Description:	Summary: A vulnerability in the administrative web interface of Cisco TelePresence Video Communication Server Expressway could allow an authenticated, remote attacker to execute arbitrary commands on the affected system. Vulnerability Insight: The vulnerability is due to the failure to properly sanitize user input passed to the affected system's scripts. An attacker could exploit this vulnerability by submitting crafted input to the affected fields of the web interface. Vulnerability Impact: Successful exploitation of this vulnerability could allow an attacker to run arbitrary commands on the system. Affected Software/OS: Cisco TelePresence Video Communication Server Expressway version X8.5.2. Solution: Update to version X8.6 or later CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-1468 BugTraq ID: 92274 http://www.securityfocus.com/bid/92274 Cisco Security Advisory: 20160803 Cisco TelePresence Video Communication Server Expressway Command Injection Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-vcse http://www.securitytracker.com/id/1036529
Copyright	Copyright (C) 2016 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.