CVE-2015-0702

Unrestricted file upload vulnerability in the Custom Prompts upload implementation in Cisco Unified MeetingPlace 8.6(1.9) allows remote authenticated users to execute arbitrary code by using the languageShortName parameter to upload a file that provides shell access, aka Bug ID CSCus95712.

CVSS v2.0 9.0 HIGH

9.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 8.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://tools.cisco.com/security/center/viewAlert.x?alertId=38455	Vendor Advisory
http://www.securitytracker.com/id/1032165	Third Party Advisory VDB Entry
http://tools.cisco.com/security/center/viewAlert.x?alertId=38455	Vendor Advisory
http://www.securitytracker.com/id/1032165	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:cisco:unified_meetingplace:8.6\(1.9\):*:*:*:*:*:*:*

History

21 Nov 2024, 02:23

Type	Values Removed	Values Added
References	~~() http://tools.cisco.com/security/center/viewAlert.x?alertId=38455 - Vendor Advisory~~	() http://tools.cisco.com/security/center/viewAlert.x?alertId=38455 - Vendor Advisory
References	~~() http://www.securitytracker.com/id/1032165 - Third Party Advisory, VDB Entry~~	() http://www.securitytracker.com/id/1032165 - Third Party Advisory, VDB Entry

Information

Published : 2015-04-21 02:59

Updated : 2024-11-21 02:23

NVD link : CVE-2015-0702

Mitre link : CVE-2015-0702

CVE.ORG link : CVE-2015-0702

JSON object : View

Products Affected

cisco

unified_meetingplace

CWE

CWE-20

Improper Input Validation

CWE-434

Unrestricted Upload of File with Dangerous Type

{"id": "CVE-2015-0702", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-04-21T02:59:00.997", "references": [{"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38455", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1032165", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38455", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1032165", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "Unrestricted file upload vulnerability in the Custom Prompts upload implementation in Cisco Unified MeetingPlace 8.6(1.9) allows remote authenticated users to execute arbitrary code by using the languageShortName parameter to upload a file that provides shell access, aka Bug ID CSCus95712."}, {"lang": "es", "value": "Vulnerabilidad de la subida de ficheros ain restricciones en la implementaci\u00f3n Custom Prompts upload en Cisco Unified MeetingPlace 8.6(1.9) permite a usuariosm remotos autenticados ejecutar c\u00f3digo arbitrario mediante el uso del par\u00e1metro languageShortName para subir un fichero que proporciona el acceso de shell, tambi\u00e9n conocido como Bug ID CSCus95712."}], "lastModified": "2024-11-21T02:23:33.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:unified_meetingplace:8.6\\(1.9\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C47E11F-0218-4C33-B59D-8854640B3204"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}