Preview Tool

Cisco Bug: CSCur02687 - Cisco TP VCS does not verify tarball on upgrade

Last Modified

Jul 01, 2015

Products (3)

  • Cisco TelePresence Video Communication Server (VCS)
  • Cisco TelePresence Video Communication Server Model
  • Cisco Expressway

Known Affected Releases

X7.2.3 X8.2.1

Description (partial)

Cisco VCS does not verify the authenticity of the tar ball that is used during the upgrade process. An attacker with admin privileges could load
a crafted file that can cause the underlying OS to execute commands

this bug is open to harden the VCS not to execute crafted file
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.