ID de Prueba:	1.3.6.1.4.1.25623.1.0.106168
Categoría:	CISCO
Título:	Cisco TelePresence Video Communication Server Expressway Command Injection Vulnerability (cisco-sa-20160803-vcse)
Resumen:	A vulnerability in the administrative web interface of Cisco; TelePresence Video Communication Server Expressway could allow an authenticated, remote attacker; to execute arbitrary commands on the affected system.
Descripción:	Summary: A vulnerability in the administrative web interface of Cisco TelePresence Video Communication Server Expressway could allow an authenticated, remote attacker to execute arbitrary commands on the affected system. Vulnerability Insight: The vulnerability is due to the failure to properly sanitize user input passed to the affected system's scripts. An attacker could exploit this vulnerability by submitting crafted input to the affected fields of the web interface. Vulnerability Impact: Successful exploitation of this vulnerability could allow an attacker to run arbitrary commands on the system. Affected Software/OS: Cisco TelePresence Video Communication Server Expressway version X8.5.2. Solution: Update to version X8.6 or later CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-1468 BugTraq ID: 92274 http://www.securityfocus.com/bid/92274 Cisco Security Advisory: 20160803 Cisco TelePresence Video Communication Server Expressway Command Injection Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-vcse http://www.securitytracker.com/id/1036529
Copyright	Copyright (C) 2016 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.