CVE-2018-15430 - OpenCVE

A vulnerability in the administrative web interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to execute code with user-level privileges on the underlying operating system. The vulnerability is due to insufficient validation of the content of upgrade packages. An attacker could exploit this vulnerability by uploading a malicious archive to the Upgrade page of the administrative web interface. A successful exploit could allow the attacker to execute code with user-level privileges on the underlying operating system.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Cisco	Telepresence Video Communication Server

Configuration 1 [-]

OR	cpe:2.3:a:cisco:telepresence_video_communication_server:x7.2.4:::::::*
	cpe:2.3:a:cisco:telepresence_video_communication_server:x8.9.2:::::::*
	cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.4:::::::*

References

Link	Resource
http://www.securitytracker.com/id/1041784	Third Party Advisory VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-express-vcs-rce	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: cisco

Published: 2018-10-03T00:00:00

Updated: 2018-10-07T09:57:02

Reserved: 2018-08-17T00:00:00

Link: CVE-2018-15430

JSON object: View

NVD Information

Status : Modified

Published: 2018-10-05T14:29:11.793

Modified: 2019-10-09T23:35:36.547

Link: CVE-2018-15430

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"containers": {"cna": {"affected": [{"product": "Cisco TelePresence Video Communication Server (VCS) ", "vendor": "Cisco", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-10-03T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the administrative web interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to execute code with user-level privileges on the underlying operating system. The vulnerability is due to insufficient validation of the content of upgrade packages. An attacker could exploit this vulnerability by uploading a malicious archive to the Upgrade page of the administrative web interface. A successful exploit could allow the attacker to execute code with user-level privileges on the underlying operating system."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-10-07T09:57:02", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "1041784", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1041784"}, {"name": "20181003 Cisco Expressway Series and Cisco TelePresence Video Communication Server Remote Code Execution Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-express-vcs-rce"}], "source": {"advisory": "cisco-sa-20181003-express-vcs-rce", "defect": [["CSCvi50935"]], "discovery": "UNKNOWN"}, "title": "Cisco Expressway Series and Cisco TelePresence Video Communication Server Remote Code Execution Vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2018-10-03T16:00:00-0500", "ID": "CVE-2018-15430", "STATE": "PUBLIC", "TITLE": "Cisco Expressway Series and Cisco TelePresence Video Communication Server Remote Code Execution Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco TelePresence Video Communication Server (VCS) ", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "Cisco"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the administrative web interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to execute code with user-level privileges on the underlying operating system. The vulnerability is due to insufficient validation of the content of upgrade packages. An attacker could exploit this vulnerability by uploading a malicious archive to the Upgrade page of the administrative web interface. A successful exploit could allow the attacker to execute code with user-level privileges on the underlying operating system."}]}, "impact": {"cvss": {"baseScore": "4.7", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20"}]}]}, "references": {"reference_data": [{"name": "1041784", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041784"}, {"name": "20181003 Cisco Expressway Series and Cisco TelePresence Video Communication Server Remote Code Execution Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-express-vcs-rce"}]}, "source": {"advisory": "cisco-sa-20181003-express-vcs-rce", "defect": [["CSCvi50935"]], "discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2018-15430", "datePublished": "2018-10-03T00:00:00", "dateReserved": "2018-08-17T00:00:00", "dateUpdated": "2018-10-07T09:57:02", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x7.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "03C14F1F-15BD-451E-A884-A6600DDB6D7D", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "24FBD9A7-D1A2-472E-BE99-19BD26661D6E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.4:*:*:*:*:*:*:*", "matchCriteriaId": "78076546-FA9A-4AF6-ACDB-D4294E8F6BD0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the administrative web interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to execute code with user-level privileges on the underlying operating system. The vulnerability is due to insufficient validation of the content of upgrade packages. An attacker could exploit this vulnerability by uploading a malicious archive to the Upgrade page of the administrative web interface. A successful exploit could allow the attacker to execute code with user-level privileges on the underlying operating system."}, {"lang": "es", "value": "Una vulnerabilidad en la interfaz web administrativa de Cisco Expressway Series y Cisco TelePresence Video Communication Server (VCS) podr\u00eda permitir que un atacante remoto autenticado ejecute c\u00f3digo con privilegios de nivel de usuario en el sistema operativo subyacente. Esta vulnerabilidad se debe a una validaci\u00f3n insuficiente del contenido de los paquetes de actualizaci\u00f3n. Un atacante podr\u00eda explotar esta vulnerabilidad subiendo un archivo malicioso a la p\u00e1gina Upgrade de la interfaz web administrativa. Su explotaci\u00f3n con \u00e9xito podr\u00eda permitir que el atacante ejecute c\u00f3digo con privilegios de nivel de usuario en el sistema operativo subyacente."}], "id": "CVE-2018-15430", "lastModified": "2019-10-09T23:35:36.547", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-10-05T14:29:11.793", "references": [{"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1041784"}, {"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-express-vcs-rce"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}