Details of VAR-201306-0161

ID

VAR-201306-0161

CVE

CVE-2013-3378

TITLE

Cisco TelePresence TC Software and TE Software Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-003094

DESCRIPTION

Cisco TelePresence TC Software before 6.1 and TE Software before 4.1.3 allow remote attackers to cause a denial of service (temporary device hang) via crafted SIP packets, aka Bug ID CSCuf89557. Multiple Cisco TelePresence products are prone to a remote denial-of-service vulnerability. Successfully exploiting this issue allows remote attackers to cause a denial of service condition. This issue is being tracked by Cisco Bug ID CSCuf89557. The following products are vulnerable: Versions prior to Cisco TelePresence MX Series TC6.1 Versions prior to Cisco TelePresence System EX Series TC6.1 Versions prior to Cisco TelePresence Integrator C Series TC6.1 Versions prior to Cisco TelePresence Profiles Series TC6.1 Versions prior to Cisco TelePresence Quick Set Series TC6.1 Versions prior to Cisco IP Video Phone E20 TE4.1.3. Cisco TelePresence is a set of video conferencing solutions called "TelePresence" system of Cisco (Cisco). The solution provides components such as audio and video spaces, which can provide remote participants with a "face-to-face" virtual meeting room effect

Trust: 1.98

sources: NVD: CVE-2013-3378 // JVNDB: JVNDB-2013-003094 // BID: 60681 // VULHUB: VHN-63380

AFFECTED PRODUCTS

vendor:	cisco	model:	telepresence te software	scope:	eq	version:	4.1.1	Trust: 1.6
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	6.0.0	Trust: 1.6
vendor:	cisco	model:	telepresence te software	scope:	eq	version:	4.1.0	Trust: 1.6
vendor:	cisco	model:	telepresence tc software	scope:	lte	version:	6.0.1	Trust: 1.0
vendor:	cisco	model:	telepresence te software	scope:	lte	version:	4.1.2	Trust: 1.0
vendor:	cisco	model:	telepresence te software	scope:	eq	version:	6.0	Trust: 0.8
vendor:	cisco	model:	telepresence tc software	scope:	lt	version:	6.x	Trust: 0.8
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	6.1	Trust: 0.8
vendor:	cisco	model:	telepresence te software	scope:	eq	version:	4.1.3	Trust: 0.8
vendor:	cisco	model:	telepresence te software	scope:	lt	version:	4.x	Trust: 0.8
vendor:	cisco	model:	telepresence te software	scope:	eq	version:	4.1.2	Trust: 0.6
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	6.0.1	Trust: 0.6

sources: JVNDB: JVNDB-2013-003094 // CNNVD: CNNVD-201306-379 // NVD: CVE-2013-3378

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-3378
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-3378
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201306-379
value:	HIGH
Trust: 0.6
VULHUB:	VHN-63380
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-3378
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-63380
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-63380 // JVNDB: JVNDB-2013-003094 // CNNVD: CNNVD-201306-379 // NVD: CVE-2013-3378

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-63380 // JVNDB: JVNDB-2013-003094 // NVD: CVE-2013-3378

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201306-379

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201306-379

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003094

PATCH

title:	cisco-sa-20130619-tpc	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130619-tpc	Trust: 0.8
title:	29649	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=29649	Trust: 0.8
title:	cisco-sa-20130619-tpc	url:	http://www.cisco.com/cisco/web/support/JP/111/1118/1118409_cisco-sa-20130619-tpc-j.html	Trust: 0.8

sources: JVNDB: JVNDB-2013-003094

EXTERNAL IDS

db:	NVD	id:	CVE-2013-3378	Trust: 2.8
db:	BID	id:	60681	Trust: 1.0
db:	JVNDB	id:	JVNDB-2013-003094	Trust: 0.8
db:	CNNVD	id:	CNNVD-201306-379	Trust: 0.7
db:	CISCO	id:	20130619 MULTIPLE VULNERABILITIES IN CISCO TELEPRESENCE TC AND TE SOFTWARE	Trust: 0.6
db:	VULHUB	id:	VHN-63380	Trust: 0.1

sources: VULHUB: VHN-63380 // BID: 60681 // JVNDB: JVNDB-2013-003094 // CNNVD: CNNVD-201306-379 // NVD: CVE-2013-3378

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130619-tpc	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3378	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3378	Trust: 0.8
url:	http://www.securityfocus.com/bid/60681	Trust: 0.6
url:	www.cisco.com	Trust: 0.3

sources: VULHUB: VHN-63380 // BID: 60681 // JVNDB: JVNDB-2013-003094 // CNNVD: CNNVD-201306-379 // NVD: CVE-2013-3378

CREDITS

Knud from nSense

Trust: 0.9

sources: BID: 60681 // CNNVD: CNNVD-201306-379

SOURCES

db:	VULHUB	id:	VHN-63380
db:	BID	id:	60681
db:	JVNDB	id:	JVNDB-2013-003094
db:	CNNVD	id:	CNNVD-201306-379
db:	NVD	id:	CVE-2013-3378

LAST UPDATE DATE

2024-08-14T13:58:17.705000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-63380	date:	2013-06-21T00:00:00
db:	BID	id:	60681	date:	2013-06-19T00:00:00
db:	JVNDB	id:	JVNDB-2013-003094	date:	2013-06-24T00:00:00
db:	CNNVD	id:	CNNVD-201306-379	date:	2013-06-24T00:00:00
db:	NVD	id:	CVE-2013-3378	date:	2013-06-21T13:57:25.640

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-63380	date:	2013-06-21T00:00:00
db:	BID	id:	60681	date:	2013-06-19T00:00:00
db:	JVNDB	id:	JVNDB-2013-003094	date:	2013-06-24T00:00:00
db:	CNNVD	id:	CNNVD-201306-379	date:	2013-06-24T00:00:00
db:	NVD	id:	CVE-2013-3378	date:	2013-06-21T13:57:25.640