CVE-2015-4315

2015-08-2000:59:01

CWE-20

cisco

web.nvd.nist.gov

cisco

vcs

expressway

x8.5.3

cve-2015-4315

xml

dtd

cisco telepresence

video communication server

cscuv31853

security vulnerability

denial of service

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:N/A:P

AI Score

6.5

Confidence

Low

EPSS

0.002

Percentile

61.3%

JSON

The Call Policy Configuration page in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.3 improperly validates external DTDs, which allows remote authenticated users to read arbitrary files or cause a denial of service via a crafted XML document, aka Bug ID CSCuv31853.

Affected configurations

Nvd

Node

ciscotelepresence_video_communication_server_softwareMatchx8.5.3expressway

VendorProductVersionCPE
ciscotelepresence_video_communication_server_softwarex8.5.3cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.5.3:*:*:*:expressway:*:*:*

Vendor	Product	Version	CPE
cisco	telepresence_video_communication_server_software	x8.5.3	cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.5.3::::expressway:::