CiscoCISCO-SA-20130701-CVE-2013-3401Cisco TC Software SIP Implementation Vulnerability
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
Percentile
45.9%
A vulnerability in the Session Initiation Protocol (SIP) implementation used in TC Software could allow an unauthenticated, remoteattacker to cause an endpoint to process unintended SIP NOTIFY messages.
The vulnerability is due to errors in the SIP implementation. An attacker could exploit this vulnerability to cause the generation of unintended NOTIFY messages that may affect the integrity of communications.
Cisco has confirmed this vulnerability in a security notice and software updates are available.
To exploit this vulnerability, an attacker would likely need access to trusted, internal networks in which the targeted device may reside. This access requirement decreases the likelihood of a successful exploit.
Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cisco | telepresence_tc_software | any | cpe:2.3:a:cisco:telepresence_tc_software:any:*:*:*:*:*:*:* |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
Percentile
45.9%