vulnerability

Cisco Cisco TelePresence Video Communication Server (VCS) Expressway: CVE-2021-34715: Cisco Expressway Series and TelePresence Video Communication Server Image Verification Vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:L/Au:S/C:C/I:C/A:C)	Aug 18, 2021	Sep 30, 2024	Oct 7, 2024

Severity

CVSS

(AV:N/AC:L/Au:S/C:C/I:C/A:C)

Published

Aug 18, 2021

Added

Sep 30, 2024

Modified

Oct 7, 2024

Description

A vulnerability in the image verification function of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to execute code with internal user privileges on the underlying operating system. The vulnerability is due to insufficient validation of the content of upgrade packages. An attacker could exploit this vulnerability by uploading a malicious archive to the Upgrade page of the administrative web interface. A successful exploit could allow the attacker to execute code with user-level privileges (the _nobody account) on the underlying operating system.

Solution

cisco-telepresence-expressway-upgrade-latest

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today