Lucene search

CiscoCVELIST:CVE-2021-34758

HistoryOct 06, 2021 - 7:45 p.m.

CVE-2021-34758 Cisco TelePresence Collaboration Endpoint and RoomOS Software Denial of Service Vulnerability

2021-10-0619:45:59

CWE-732

cisco

www.cve.org

cisco

telepresence

endpoint

roomos

software

dos

vulnerability

memory

management

shared

resource

access controls

exploit

corruption

device

reload

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

AI Score

5.1

Confidence

High

EPSS

Percentile

5.1%

JSON

A vulnerability in the memory management of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an authenticated, local attacker to corrupt a shared memory segment, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient access controls to a shared memory resource. An attacker could exploit this vulnerability by corrupting a shared memory segment on an affected device. A successful exploit could allow the attacker to cause the device to reload. The device will recover from the corruption upon reboot.

CNA Affected

[
  {
    "product": "Cisco RoomOS Software",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tpce-rmos-mem-dos-rck56tT

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

AI Score

5.1

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2021-34758