Cisco Expressway Series and Cisco TelePresence Video Communication Server Remote Code Execution Vulnerability

A vulnerability in the administrative web interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to execute code with user-level privileges on the underlying operating system. The vulnerability is due to insufficient validation of the content of upgrade packages. An attacker could exploit this vulnerability by uploading a malicious archive to the Upgrade page of the administrative web interface. A successful exploit could allow the attacker to execute code with user-level privileges on the underlying operating system.

N/A

输入验证不恰当

Cisco Expressway Series和TelePresence Video Communication Server 输入验证漏洞

Cisco Expressway Series和TelePresence Video Communication Server（VCS）都是美国思科（Cisco）公司的视频会议服务器。 Cisco Expressway Series和TelePresence VCS中的管理Web界面存在输入验证漏洞，该漏洞源于程序没有充分的验证更新包的内容。远程攻击者可通过向更新页面发送恶意的归档文件利用该漏洞在底层操作系统上以用户级别的权限执行代码。

N/A

N/A