Details of VAR-201304-0287

ID

VAR-201304-0287

CVE

CVE-2013-1176

TITLE

Multiple Cisco TelePresence Product denial of service vulnerability

Trust: 1.2

sources: CNNVD: CNNVD-201304-397 // CNNVD: CNNVD-201304-418

DESCRIPTION

The DSP card on Cisco TelePresence MCU 4500 and 4501 devices before 4.3(2.30), TelePresence MCU MSE 8510 devices before 4.3(2.30), and TelePresence Server before 2.3(1.55) does not properly validate H.264 data, which allows remote attackers to cause a denial of service (device reload) via crafted RTP packets in a (1) SIP session or (2) H.323 session, aka Bug IDs CSCuc11328 and CSCub05448. Vendors have confirmed this vulnerability Bug ID CSCuc11328 ,and CSCub05448 It is released as.By a third party (1) SIP Session, or (2) H.323 Cleverly crafted in session RTP Service disruption via packets ( Device reload ) There is a possibility of being put into a state. Cisco TelePresence is a set of video conferencing solutions called "Telepresence" systems from Cisco (USA). This solution provides components such as audio and video space, which can provide remote participants with a "face-to-face" virtual conference room effect. A denial of service vulnerability exists in several Cisco TelePresence products. An attacker could use this vulnerability to reload the device and deny legitimate users. The vulnerability exists in the following products: Cisco TelePresence MCU, Cisco TelePresence Server. The vulnerability originates from the program H.264 data is not properly validated

Trust: 2.52

sources: NVD: CVE-2013-1176 // JVNDB: JVNDB-2013-002413 // CNNVD: CNNVD-201304-397 // BID: 59272 // VULHUB: VHN-61178

AFFECTED PRODUCTS

vendor:	cisco	model:	telepresence server software	scope:	eq	version:	2.1\(1.37\)	Trust: 1.6
vendor:	cisco	model:	telepresence mcu mse series software	scope:	eq	version:	4.1\(1.59\)	Trust: 1.6
vendor:	cisco	model:	telepresence server software	scope:	eq	version:	2.1\(1.33\)	Trust: 1.6
vendor:	cisco	model:	telepresence mcu mse series software	scope:	eq	version:	4.2\(1.43\)	Trust: 1.6
vendor:	cisco	model:	telepresence mcu mse series software	scope:	eq	version:	4.2\(1.46\)	Trust: 1.6
vendor:	cisco	model:	telepresence mcu mse series software	scope:	eq	version:	4.1\(1.51\)	Trust: 1.6
vendor:	cisco	model:	telepresence mcu 4500 series software	scope:	eq	version:	4.1\(1.51\)	Trust: 1.6
vendor:	cisco	model:	telepresence server software	scope:	eq	version:	2.2\(1.43\)	Trust: 1.6
vendor:	cisco	model:	telepresence mcu 4500 series software	scope:	lte	version:	4.3\(2.18\)	Trust: 1.0
vendor:	cisco	model:	telepresence mcu 4505	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	telepresence mcu 4520	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	telepresence mcu 4515	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	telepresence mcu 4500 series software	scope:	eq	version:	4.2\(1.43\)	Trust: 1.0
vendor:	cisco	model:	telepresence mcu 4501 series software	scope:	lte	version:	4.3\(2.18\)	Trust: 1.0
vendor:	cisco	model:	telepresence mcu 4501 series software	scope:	eq	version:	4.3\(1.68\)	Trust: 1.0
vendor:	cisco	model:	telepresence server 7010	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	telepresence mcu mse series software	scope:	eq	version:	4.3\(1.68\)	Trust: 1.0
vendor:	cisco	model:	telepresence mcu mse series software	scope:	lte	version:	4.3\(2.18\)	Trust: 1.0
vendor:	cisco	model:	telepresence mcu 4501 series software	scope:	eq	version:	4.2\(1.43\)	Trust: 1.0
vendor:	cisco	model:	telepresence mcu 4500 series software	scope:	eq	version:	4.2\(1.46\)	Trust: 1.0
vendor:	cisco	model:	telepresence mcu mse 8510	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	telepresence mcu 4500 series software	scope:	eq	version:	4.2\(1.50\)	Trust: 1.0
vendor:	cisco	model:	telepresence mcu 4501 series software	scope:	eq	version:	4.2\(1.46\)	Trust: 1.0
vendor:	cisco	model:	telepresence server software	scope:	lte	version:	2.2\(1.54\)	Trust: 1.0
vendor:	cisco	model:	telepresence mcu 4501 series software	scope:	eq	version:	4.2\(1.50\)	Trust: 1.0
vendor:	cisco	model:	telepresence mcu 4500 series software	scope:	eq	version:	4.1\(1.59\)	Trust: 1.0
vendor:	cisco	model:	telepresence mcu 4501	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	telepresence mcu 4501 series software	scope:	eq	version:	4.1\(1.51\)	Trust: 1.0
vendor:	cisco	model:	telepresence server mse 8710	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	telepresence mcu 4501 series software	scope:	eq	version:	4.1\(1.59\)	Trust: 1.0
vendor:	cisco	model:	telepresence mcu mse series software	scope:	eq	version:	4.2\(1.50\)	Trust: 1.0
vendor:	cisco	model:	telepresence mcu 4510	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	telepresence mcu 4500 series software	scope:	eq	version:	4.3\(1.68\)	Trust: 1.0
vendor:	cisco	model:	telepresence mcu 4500 series software	scope:	lt	version:	4.3(2.30)	Trust: 0.8
vendor:	cisco	model:	telepresence mcu 4501	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	telepresence mcu 4501 series software	scope:	lt	version:	4.3(2.30)	Trust: 0.8
vendor:	cisco	model:	telepresence mcu 4505	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	telepresence mcu 4510	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	telepresence mcu 4515	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	telepresence mcu 4520	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	telepresence mcu mse 8510	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	telepresence mcu mse series software	scope:	lt	version:	4.3(2.30)	Trust: 0.8
vendor:	cisco	model:	telepresence server 7010	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	telepresence server mse 8710	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	telepresence server software	scope:	lt	version:	2.3(1.55)	Trust: 0.8
vendor:	cisco	model:	telepresence server software	scope:	eq	version:	2.2\(1.54\)	Trust: 0.6
vendor:	cisco	model:	telepresence mcu mse series software	scope:	eq	version:	4.3\(2.18\)	Trust: 0.6

sources: JVNDB: JVNDB-2013-002413 // CNNVD: CNNVD-201304-418 // NVD: CVE-2013-1176

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-1176
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-1176
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201304-418
value:	HIGH
Trust: 0.6
VULHUB:	VHN-61178
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-1176
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-61178
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-61178 // JVNDB: JVNDB-2013-002413 // CNNVD: CNNVD-201304-418 // NVD: CVE-2013-1176

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-61178 // JVNDB: JVNDB-2013-002413 // NVD: CVE-2013-1176

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201304-397 // CNNVD: CNNVD-201304-418

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201304-418

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-002413

PATCH

title:	cisco-sa-20130417-tpi	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130417-tpi	Trust: 0.8
title:	28929	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=28929	Trust: 0.8
title:	cisco-sa-20130417-tpi	url:	http://www.cisco.com/cisco/web/support/JP/111/1117/1117760_cisco-sa-20130417-tpi-j.html	Trust: 0.8

sources: JVNDB: JVNDB-2013-002413

EXTERNAL IDS

db:	NVD	id:	CVE-2013-1176	Trust: 2.8
db:	BID	id:	59272	Trust: 1.0
db:	JVNDB	id:	JVNDB-2013-002413	Trust: 0.8
db:	CNNVD	id:	CNNVD-201304-418	Trust: 0.7
db:	CNNVD	id:	CNNVD-201304-397	Trust: 0.6
db:	SECUNIA	id:	53129	Trust: 0.6
db:	CISCO	id:	20130417 CISCO TELEPRESENCE INFRASTRUCTURE DENIAL OF SERVICE VULNERABILITY	Trust: 0.6
db:	VULHUB	id:	VHN-61178	Trust: 0.1

sources: VULHUB: VHN-61178 // BID: 59272 // JVNDB: JVNDB-2013-002413 // CNNVD: CNNVD-201304-397 // CNNVD: CNNVD-201304-418 // NVD: CVE-2013-1176

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130417-tpi	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1176	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1176	Trust: 0.8
url:	http://www.securityfocus.com/bid/59272	Trust: 0.6
url:	http://secunia.com/advisories/53129	Trust: 0.6
url:	http://www.cisco.com	Trust: 0.3

sources: VULHUB: VHN-61178 // BID: 59272 // JVNDB: JVNDB-2013-002413 // CNNVD: CNNVD-201304-397 // CNNVD: CNNVD-201304-418 // NVD: CVE-2013-1176

CREDITS

Cisco

Trust: 0.9

sources: BID: 59272 // CNNVD: CNNVD-201304-397

SOURCES

db:	VULHUB	id:	VHN-61178
db:	BID	id:	59272
db:	JVNDB	id:	JVNDB-2013-002413
db:	CNNVD	id:	CNNVD-201304-397
db:	CNNVD	id:	CNNVD-201304-418
db:	NVD	id:	CVE-2013-1176

LAST UPDATE DATE

2024-11-23T22:35:24.273000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-61178	date:	2013-04-19T00:00:00
db:	BID	id:	59272	date:	2013-04-22T12:50:00
db:	JVNDB	id:	JVNDB-2013-002413	date:	2013-04-22T00:00:00
db:	CNNVD	id:	CNNVD-201304-397	date:	2013-04-19T00:00:00
db:	CNNVD	id:	CNNVD-201304-418	date:	2013-04-19T00:00:00
db:	NVD	id:	CVE-2013-1176	date:	2024-11-21T01:49:03.067

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-61178	date:	2013-04-18T00:00:00
db:	BID	id:	59272	date:	2013-04-17T00:00:00
db:	JVNDB	id:	JVNDB-2013-002413	date:	2013-04-22T00:00:00
db:	CNNVD	id:	CNNVD-201304-397	date:	2013-04-19T00:00:00
db:	CNNVD	id:	CNNVD-201304-418	date:	2013-04-19T00:00:00
db:	NVD	id:	CVE-2013-1176	date:	2013-04-18T18:55:03.970