Rapid7 Vulnerability & Exploit Database

Cisco Cisco TelePresence Video Communication Server (VCS) Expressway: CVE-2021-34715: Cisco Expressway Series and TelePresence Video Communication Server Image Verification Vulnerability


Severity: 9
CVSS: (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Published: 08/18/2021
Created: 10/05/2024
Added: 09/30/2024
Modified: 10/07/2024

Description

A vulnerability in the image verification function of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to execute code with internal user privileges on the underlying operating system. The vulnerability is due to insufficient validation of the content of upgrade packages. An attacker could exploit this vulnerability by uploading a malicious archive to the Upgrade page of the administrative web interface. A successful exploit could allow the attacker to execute code with user-level privileges (the _nobody account) on the underlying operating system.

Solution(s)

  • cisco-telepresence-expressway-upgrade-latest
