The System Snapshot feature in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 allows remote authenticated users to obtain sensitive password-hash information by reading the snapshot file, aka Bug ID CSCuv40422.
http://www.securitytracker.com/id/1033266
http://tools.cisco.com/security/center/viewAlert.x?alertId=40439