CVE-2015-4315

medium Cisco
CVSS v3 Base Score
5.5
AV:N/AC:L/Au:S/C:P/I:N/A:P
EPSS Score
0.5%
Exploitation probability in 30 days
Top 36% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Confidentiality
P
Integrity
None
Availability
P
Published: August 20, 2015 (3920 days ago)
Last Modified: May 6, 2026
Vendor: Cisco
Source: NVD

Description

The Call Policy Configuration page in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.3 improperly validates external DTDs, which allows remote authenticated users to read arbitrary files or cause a denial of service via a crafted XML document, aka Bug ID CSCuv31853.

CWE

CWE-20

Affected Products

cisco telepresence video communication server software

References

🔗 tools.cisco.com 🔗 www.securityfocus.com 🔗 www.securitytracker.com 🔗 tools.cisco.com 🔗 www.securityfocus.com