ID

VAR-201508-0484


CVE

CVE-2015-4315


TITLE

Vulnerability in the Call Policy Configuration page of Cisco TelePresence Video Communication Server Expressway that allows reading arbitrary files

Trust: 0.8

sources: JVNDB: JVNDB-2015-004343

DESCRIPTION

The Call Policy Configuration page in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.3 improperly validates external DTDs, which allows remote authenticated users to read arbitrary files or cause a denial of service via a crafted XML document, aka Bug ID CSCuv31853. Cisco TelePresence Video Communication Server Expressway is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition or read arbitrary files on an affected system. This issue is being tracked by Cisco bug ID CSCuv31853.

Trust: 1.98

sources: NVD: CVE-2015-4315 // JVNDB: JVNDB-2015-004343 // BID: 76352 // VULHUB: VHN-82276

AFFECTED PRODUCTS

vendor: cisco, model: telepresence video communication server software, scope: eq, version: x8.5.3

Trust: 1.6

vendor: cisco, model: telepresence video communication server software, scope: eq, version: x8.5.3 (vcs expressway)

Trust: 0.8

vendor: cisco, model: telepresence video communication server expressway, scope: eq, version: x8.5.3

Trust: 0.3

sources: BID: 76352 // JVNDB: JVNDB-2015-004343 // CNNVD: CNNVD-201508-370 // NVD: CVE-2015-4315

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-4315
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-4315
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201508-370
value: MEDIUM

Trust: 0.6

VULHUB: VHN-82276
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-4315
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-82276
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-82276 // JVNDB: JVNDB-2015-004343 // CNNVD: CNNVD-201508-370 // NVD: CVE-2015-4315

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-82276 // JVNDB: JVNDB-2015-004343 // NVD: CVE-2015-4315

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201508-370

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201508-370

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004343

PATCH

title: 40446, url: http://tools.cisco.com/security/center/viewAlert.x?alertId=40446

Trust: 0.8

sources: JVNDB: JVNDB-2015-004343

EXTERNAL IDS

db: NVD, id: CVE-2015-4315

Trust: 2.8

db: BID, id: 76352

Trust: 2.0

db: SECTRACK, id: 1033283

Trust: 1.1

db: JVNDB, id: JVNDB-2015-004343

Trust: 0.8

db: CNNVD, id: CNNVD-201508-370

Trust: 0.7

db: SEEBUG, id: SSVID-89627

Trust: 0.1

db: VULHUB, id: VHN-82276

Trust: 0.1

sources: VULHUB: VHN-82276 // BID: 76352 // JVNDB: JVNDB-2015-004343 // CNNVD: CNNVD-201508-370 // NVD: CVE-2015-4315

REFERENCES

url:http://tools.cisco.com/security/center/viewalert.x?alertid=40446

Trust: 2.0

url:http://www.securityfocus.com/bid/76352

Trust: 1.7

url:http://www.securitytracker.com/id/1033283

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4315

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4315

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-82276 // BID: 76352 // JVNDB: JVNDB-2015-004343 // CNNVD: CNNVD-201508-370 // NVD: CVE-2015-4315

CREDITS

Cisco

Trust: 0.9

sources: BID: 76352 // CNNVD: CNNVD-201508-370

SOURCES

db: VULHUB, id: VHN-82276
db: BID, id: 76352
db: JVNDB, id: JVNDB-2015-004343
db: CNNVD, id: CNNVD-201508-370
db: NVD, id: CVE-2015-4315

LAST UPDATE DATE

2025-04-13T23:14:30.642000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-82276, date: 2017-09-21T00:00:00
db: BID, id: 76352, date: 2015-08-13T00:00:00
db: JVNDB, id: JVNDB-2015-004343, date: 2015-08-25T00:00:00
db: CNNVD, id: CNNVD-201508-370, date: 2015-08-20T00:00:00
db: NVD, id: CVE-2015-4315, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: VULHUB, id: VHN-82276, date: 2015-08-20T00:00:00
db: BID, id: 76352, date: 2015-08-13T00:00:00
db: JVNDB, id: JVNDB-2015-004343, date: 2015-08-25T00:00:00
db: CNNVD, id: CNNVD-201508-370, date: 2015-08-18T00:00:00
db: NVD, id: CVE-2015-4315, date: 2015-08-20T00:59:01.700