ID

VAR-201401-0326


CVE

CVE-2014-0662


TITLE

Cisco TelePresence Video Communication Server of SIP Service disruption in modules (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2014-001232

DESCRIPTION

The SIP module in Cisco TelePresence Video Communication Server (VCS) before 8.1 allows remote attackers to cause a denial of service (process failure) via a crafted SDP message, aka Bug ID CSCue97632. An attacker can exploit this issue to cause a denial-of-service condition. The issue is documented by Cisco Bug ID CSCue97632

Trust: 1.98

sources: NVD: CVE-2014-0662 // JVNDB: JVNDB-2014-001232 // BID: 65076 // VULHUB: VHN-68155

AFFECTED PRODUCTS

vendor:ciscomodel:telepresence video communication server softwarescope:eqversion:x7.2

Trust: 1.6

vendor:ciscomodel:telepresence video communication server softwarescope:eqversion:x7.2.1

Trust: 1.6

vendor:ciscomodel:telepresence video communication servers softwarescope:eqversion:x7.0.2

Trust: 1.6

vendor:ciscomodel:telepresence video communication servers softwarescope:eqversion:x7.0

Trust: 1.6

vendor:ciscomodel:telepresence video communication server softwarescope:eqversion:x6.1

Trust: 1.6

vendor:ciscomodel:telepresence video communication servers softwarescope:eqversion:x7.0.1

Trust: 1.6

vendor:ciscomodel:telepresence video communication servers softwarescope:eqversion:x7.0.3

Trust: 1.6

vendor:ciscomodel:telepresence video communication server softwarescope:eqversion:x6.0

Trust: 1.6

vendor:ciscomodel:telepresence video communication server softwarescope:eqversion:x7.1

Trust: 1.6

vendor:ciscomodel:telepresence video communication server softwarescope:lteversion:x7.2.2

Trust: 1.0

vendor:ciscomodel:telepresence video communication serverscope: - version: -

Trust: 0.8

vendor:ciscomodel:telepresence video communication server softwarescope:ltversion:x8.1

Trust: 0.8

vendor:ciscomodel:telepresence video communication server softwarescope:eqversion:x7.2.2

Trust: 0.6

vendor:ciscomodel:telepresence video communication serverscope:eqversion:x7.0

Trust: 0.3

sources: BID: 65076 // JVNDB: JVNDB-2014-001232 // CNNVD: CNNVD-201401-428 // NVD: CVE-2014-0662

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-0662
value: HIGH

Trust: 1.0

NVD: CVE-2014-0662
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201401-428
value: HIGH

Trust: 0.6

VULHUB: VHN-68155
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-0662
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-68155
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-68155 // JVNDB: JVNDB-2014-001232 // CNNVD: CNNVD-201401-428 // NVD: CVE-2014-0662

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-68155 // JVNDB: JVNDB-2014-001232 // NVD: CVE-2014-0662

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201401-428

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201401-428

CONFIGURATIONS

[
  {
    "CVE_data_version": "4.0",
    "nodes": [
      {
        "operator": "OR",
        "cpe_match": [
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/h:cisco:telepresence_video_communication_servers"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/a:cisco:telepresence_video_communication_server_software"
          }
        ]
      }
    ]
  }
]

sources: JVNDB: JVNDB-2014-001232

PATCH

title:32409url:http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=32409

Trust: 0.8

title:cisco-sa-20140122-vcsurl:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140122-vcs

Trust: 0.8

title:3571/0url:http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=3571&signatureSubId=0&softwareVersion=6.0&releaseVersion=S765

Trust: 0.8

title:32459url:http://tools.cisco.com/security/center/viewAlert.x?alertId=32459

Trust: 0.8

title:cisco-sa-20140122-vcsurl:http://www.cisco.com/cisco/web/support/JP/112/1121/1121769_cisco-sa-20140122-vcs-j.html

Trust: 0.8

sources: JVNDB: JVNDB-2014-001232

EXTERNAL IDS

db:NVDid:CVE-2014-0662

Trust: 2.8

db:BIDid:65076

Trust: 1.4

db:SECTRACKid:1029655

Trust: 1.1

db:SECUNIAid:56592

Trust: 1.1

db:OSVDBid:102363

Trust: 1.1

db:JVNDBid:JVNDB-2014-001232

Trust: 0.8

db:CNNVDid:CNNVD-201401-428

Trust: 0.7

db:CISCOid:20140122 CISCO TELEPRESENCE VIDEO COMMUNICATION SERVER SIP DENIAL OF SERVICE VULNERABILITY

Trust: 0.6

db:VULHUBid:VHN-68155

Trust: 0.1

sources: VULHUB: VHN-68155 // BID: 65076 // JVNDB: JVNDB-2014-001232 // CNNVD: CNNVD-201401-428 // NVD: CVE-2014-0662

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140122-vcs

Trust: 1.7

url:http://www.securityfocus.com/bid/65076

Trust: 1.1

url:http://tools.cisco.com/security/center/viewambalert.x?alertid=32409

Trust: 1.1

url:http://osvdb.org/102363

Trust: 1.1

url:http://www.securitytracker.com/id/1029655

Trust: 1.1

url:http://secunia.com/advisories/56592

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/90621

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0662

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0662

Trust: 0.8

url:www.cisco.com/en/us/products/ps11337/index.html

Trust: 0.3

sources: VULHUB: VHN-68155 // BID: 65076 // JVNDB: JVNDB-2014-001232 // CNNVD: CNNVD-201401-428 // NVD: CVE-2014-0662

CREDITS

Cisco

Trust: 0.3

sources: BID: 65076

SOURCES

db:VULHUBid:VHN-68155
db:BIDid:65076
db:JVNDBid:JVNDB-2014-001232
db:CNNVDid:CNNVD-201401-428
db:NVDid:CVE-2014-0662

LAST UPDATE DATE

2024-11-23T22:08:27.511000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-68155date:2017-08-29T00:00:00
db:BIDid:65076date:2014-01-22T00:00:00
db:JVNDBid:JVNDB-2014-001232date:2014-01-24T00:00:00
db:CNNVDid:CNNVD-201401-428date:2014-01-30T00:00:00
db:NVDid:CVE-2014-0662date:2024-11-21T02:02:36.797

SOURCES RELEASE DATE

db:VULHUBid:VHN-68155date:2014-01-22T00:00:00
db:BIDid:65076date:2014-01-22T00:00:00
db:JVNDBid:JVNDB-2014-001232date:2014-01-24T00:00:00
db:CNNVDid:CNNVD-201401-428date:2014-01-30T00:00:00
db:NVDid:CVE-2014-0662date:2014-01-22T21:55:03.573