Cisco TelePresence Video Communication Server (VCS) X8.5.2 allows remote authenticated users to execute arbitrary commands in the context of the nobody user account via an unspecified web-page parameter, aka Bug ID CSCuv12333.Referenceshttp://tools.cisco.com/security/center/viewAlert.x?alertId=40433http://www.securityfocus.com/bid/76322http://www.securitytracker.com/id/1033268
