CVE-2015-4330

medium

Published 2015-09-02 · Modified 2026-05-06

CVSS v3

—

CVSS v2

6.9

VIR risk

6.9

Description

A local file script in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to gain privileges for OS command execution via invalid parameters, aka Bug ID CSCuv10556.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@cisco.com — http://tools.cisco.com/security/center/viewAlert.x?alertId=40541

Application impact

Vendor	Product	Versions	Fixed
cisco	telepresence_video_communication_server_software	`x8.5.2`

References

http://tools.cisco.com/security/center/viewAlert.x?alertId=40541
http://www.securitytracker.com/id/1033442
http://tools.cisco.com/security/center/viewAlert.x?alertId=40541
http://www.securitytracker.com/id/1033442

CWEs

CWE-78

Verify integrity in audit chain (admin only). AS-IS.