Cisco CISCO-SA-20150609-CVE-2015-0772
Jun 09, 2015 - 6:34 p.m.

Cisco TelePresence Video Communication Server SDP Over SIP Denial of Service Vulnerability

2015-06-09 18:34:07
tools.cisco.com

CVSS2: 7.1
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

EPSS: 0.001
Percentile: 48.6%

A vulnerability in the Session Description Protocol (SDP) parser of the Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to cause the Cisco VCS device to become unreachable due to a denial of service (DoS) attack caused by high CPU utilization.

The vulnerability is due to a parsing error in the SDP parameter negotiation request. An attacker could exploit this vulnerability by initiating an SDP session over a Session Initiation Protocol (SIP) connection to the Cisco VCS device and sending a crafted SDP parameter negotiation request. A successful exploit could allow the attacker to take the VCS device offline due to high CPU utilization, resulting in a DoS condition.

Cisco has confirmed the vulnerability; however, software updates are not available.

To exploit this vulnerability, an attacker would need to send a crafted SDP parameter negotiation request to the targeted device. Depending on where the targeted system resides in an environment, an attacker may need to bypass firewall restrictions or other protection measures, which may reduce the likelihood of a successful exploit.

Affected configurations

Vendor: cisco
Product: telepresence_video_communication_server
Version: any
CPE: cpe:2.3:h:cisco:telepresence_video_communication_server:any:*:*:*:*:*:*:*
