漏洞标题
Cisco Expressway Series 和 TelePresence Video Communication Server 图像验证漏洞
漏洞描述信息
思科Expressway系列和TelePresence视频通信服务器图片验证漏洞
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
Cisco Expressway Series and TelePresence Video Communication Server Image Verification Vulnerability
漏洞描述信息
A vulnerability in the image verification function of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to execute code with internal user privileges on the underlying operating system. The vulnerability is due to insufficient validation of the content of upgrade packages. An attacker could exploit this vulnerability by uploading a malicious archive to the Upgrade page of the administrative web interface. A successful exploit could allow the attacker to execute code with user-level privileges (the _nobody account) on the underlying operating system.
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
漏洞类别
密码学签名的验证不恰当
漏洞标题
Cisco Expressway Series和Cisco TelePresence Video Communication Server 数据伪造问题漏洞
漏洞描述信息
Cisco Expressway Series和Cisco TelePresence Video Communication Server(VCS)都是美国思科(Cisco)公司的产品。Cisco Expressway Series是一款用于防火墙外访问设备的软件。该软件为防火墙外的用户提供了简单、高度安全的访问功能,帮助远程办公人员在他们选择的设备上更有效地工作。Cisco TelePresence Video Communication Server是一款视频通信服务器。 Cisco Expressw
CVSS信息
N/A
漏洞类别
授权问题