A vulnerability in the symbolic link operation of the Cisco TelePresence Video Communication Server (VCS) Expressway could allow an authenticated, local malicious user to perform a symbolic link attack on the affected system. The vulnerability is due to insufficient protection of files. An attacker could exploit this vulnerability by creating a malicious symbolic link to a location not otherwise accessible to the attacker. An exploit could allow the malicious user to insert unauthorized content in the linked-to file. Cisco has released software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are not available. This advisory is available at the following link: tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151007-vcs
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco telepresence video communication server software x8.5.1 |
||
cisco telepresence video communication server software x8.5.2 |