Vulnerability Description
The Call Policy Configuration page in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.3 improperly validates external DTDs, which allows remote authenticated users to read arbitrary files or cause a denial of service via a crafted XML document, aka Bug ID CSCuv31853.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Telepresence Video Communication Server Software | x8.5.3 |
Related Weaknesses (CWE)
References
- http://tools.cisco.com/security/center/viewAlert.x?alertId=40446Vendor Advisory
- http://www.securityfocus.com/bid/76352
- http://www.securitytracker.com/id/1033283
- http://tools.cisco.com/security/center/viewAlert.x?alertId=40446Vendor Advisory
- http://www.securityfocus.com/bid/76352
- http://www.securitytracker.com/id/1033283
FAQ
What is CVE-2015-4315?
CVE-2015-4315 is a vulnerability with a CVSS score of 5.5 (MEDIUM). The Call Policy Configuration page in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.3 improperly validates external DTDs, which allows remote authenticated users to read arbitrar...
How severe is CVE-2015-4315?
CVE-2015-4315 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-4315?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Telepresence Video Communication Server Software.