Sign-up

ID

VAR-201405-0490


CVE

CVE-2014-2171


TITLE

Cisco TelePresence TC Software and TE Software heap-based buffer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-002372

DESCRIPTION

Heap-based buffer overflow in Cisco TelePresence TC Software 4.x through 6.x before 6.0.1 and TE Software 4.x and 6.0.x before 6.0.2 allows remote attackers to execute arbitrary code via crafted SIP packets, aka Bug ID CSCud81796. Vendors have confirmed this vulnerability Bug ID CSCud81796 It is released as.Skillfully crafted by a third party SIP An arbitrary code may be executed via a packet. Multiple remote denial-of-service vulnerabilities 2. A buffer-overflow vulnerability 3. A command-injection vulnerability 4. A command-injection vulnerability 5. A heap-based buffer-overflow vulnerability 6. A local buffer-overflow vulnerability 7. A local authentication-bypass vulnerability 8. A remote denial-of-service vulnerability Attackers can exploit these issues to execute arbitrary code in the context of the device, bypass authentication mechanisms, gain unauthorized access, execute arbitrary commands, or cause denial-of-service conditions; other attacks may also be possible. These issues are being tracked by Cisco Bug IDs CSCud29566, CSCua64961, CSCuj94651, CSCtq72699, CSCto70562, CSCua86589, CSCty44804, CSCue60211, CSCue60202, CSCud81796, CSCub67693, CSCub67692, and CSCtq78849. Cisco TelePresence is a set of video conferencing solutions called "TelePresence" system of Cisco (Cisco)

Trust: 1.98

sources: NVD: CVE-2014-2171 // JVNDB: JVNDB-2014-002372 // BID: 67170 // VULHUB: VHN-70110

AFFECTED PRODUCTS

vendor:ciscomodel:telepresence tc softwarescope:eqversion:4.1.2

Trust: 1.6

vendor:ciscomodel:telepresence tc softwarescope:eqversion:4.2.3

Trust: 1.6

vendor:ciscomodel:telepresence tc softwarescope:eqversion:4.2.2

Trust: 1.6

vendor:ciscomodel:telepresence tc softwarescope:eqversion:4.2.4

Trust: 1.6

vendor:ciscomodel:telepresence te softwarescope:eqversion:6.0.1

Trust: 1.6

vendor:ciscomodel:telepresence tc softwarescope:eqversion:4.2.1

Trust: 1.6

vendor:ciscomodel:telepresence tc softwarescope:eqversion:4.2.0

Trust: 1.6

vendor:ciscomodel:telepresence te softwarescope:eqversion:6.0

Trust: 1.6

vendor:ciscomodel:telepresence tc softwarescope:eqversion:4.1.1

Trust: 1.6

vendor:ciscomodel:telepresence te softwarescope:eqversion:4.1.0

Trust: 1.6

vendor:ciscomodel:telepresence tc softwarescope:eqversion:4.0.4

Trust: 1.0

vendor:ciscomodel:telepresence tc softwarescope:eqversion:6.0.0

Trust: 1.0

vendor:ciscomodel:telepresence tc softwarescope:eqversion:5.1.2

Trust: 1.0

vendor:ciscomodel:telepresence tc softwarescope:eqversion:5.1.1

Trust: 1.0

vendor:ciscomodel:telepresence tc softwarescope:eqversion:5.1.3

Trust: 1.0

vendor:ciscomodel:telepresence tc softwarescope:eqversion:4.0.0

Trust: 1.0

vendor:ciscomodel:telepresence te softwarescope:eqversion:4.1.1

Trust: 1.0

vendor:ciscomodel:telepresence tc softwarescope:eqversion:5.0.0

Trust: 1.0

vendor:ciscomodel:telepresence te softwarescope:eqversion:4.1.3

Trust: 1.0

vendor:ciscomodel:telepresence tc softwarescope:eqversion:5.1.7

Trust: 1.0

vendor:ciscomodel:telepresence tc softwarescope:eqversion:4.0.1

Trust: 1.0

vendor:ciscomodel:telepresence tc softwarescope:eqversion:5.1.0

Trust: 1.0

vendor:ciscomodel:telepresence tc softwarescope:eqversion:5.0.2

Trust: 1.0

vendor:ciscomodel:telepresence tc softwarescope:eqversion:5.1.6

Trust: 1.0

vendor:ciscomodel:telepresence te softwarescope:eqversion:4.1.2

Trust: 1.0

vendor:ciscomodel:telepresence tc softwarescope:eqversion:5.1.4

Trust: 1.0

vendor:ciscomodel:telepresence tc softwarescope:eqversion:5.0.1

Trust: 1.0

vendor:ciscomodel:telepresence tc softwarescope:eqversion:5.1.5

Trust: 1.0

vendor:ciscomodel:telepresencescope: - version: -

Trust: 0.8

vendor:ciscomodel:telepresence tc softwarescope:ltversion:6.x

Trust: 0.8

vendor:ciscomodel:telepresence te softwarescope:eqversion:6.0.2

Trust: 0.8

vendor:ciscomodel:telepresence tc softwarescope:eqversion:4.x

Trust: 0.8

vendor:ciscomodel:telepresence te softwarescope:ltversion:6.0.x

Trust: 0.8

vendor:ciscomodel:telepresence te softwarescope:eqversion:4.x

Trust: 0.8

vendor:ciscomodel:telepresence tc softwarescope:eqversion:6.0.1

Trust: 0.8

vendor:ciscomodel:telepresence tc softwarescope:eqversion:5.x

Trust: 0.8

sources: JVNDB: JVNDB-2014-002372 // CNNVD: CNNVD-201405-034 // NVD: CVE-2014-2171

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-2171
value: HIGH

Trust: 1.0

NVD: CVE-2014-2171
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201405-034
value: CRITICAL

Trust: 0.6

VULHUB: VHN-70110
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-2171
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-70110
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-70110 // JVNDB: JVNDB-2014-002372 // CNNVD: CNNVD-201405-034 // NVD: CVE-2014-2171

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-70110 // JVNDB: JVNDB-2014-002372 // NVD: CVE-2014-2171

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201405-034

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201405-034

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-002372

PATCH
title:cisco-sa-20140430-tcteurl:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte
Trust: 0.8
title:33895url:http://tools.cisco.com/security/center/viewAlert.x?alertId=33895
Trust: 0.8
title:cisco-sa-20140430-tcteurl:http://www.cisco.com/cisco/web/support/JP/112/1122/1122529_cisco-sa-20140430-tcte-j.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-002372

EXTERNAL IDS
db:NVDid:CVE-2014-2171
Trust: 2.8
db:JVNDBid:JVNDB-2014-002372
Trust: 0.8
db:CNNVDid:CNNVD-201405-034
Trust: 0.7
db:CISCOid:20140430 MULTIPLE VULNERABILITIES IN CISCO TELEPRESENCE TC AND TE SOFTWARE
Trust: 0.6
db:BIDid:67170
Trust: 0.3
db:VULHUBid:VHN-70110
Trust: 0.1
sources:
            
            
            VULHUB: VHN-70110 // 
            
            
            
            BID: 67170 // 
            
            
            
            JVNDB: JVNDB-2014-002372 // 
            
            
            
            CNNVD: CNNVD-201405-034 // 
            
            
            
            NVD: CVE-2014-2171

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140430-tcte
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2171
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2171
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-70110 // 
            
            
            
            BID: 67170 // 
            
            
            
            JVNDB: JVNDB-2014-002372 // 
            
            
            
            CNNVD: CNNVD-201405-034 // 
            
            
            
            NVD: CVE-2014-2171

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 67170

SOURCES
db:VULHUBid:VHN-70110
db:BIDid:67170
db:JVNDBid:JVNDB-2014-002372
db:CNNVDid:CNNVD-201405-034
db:NVDid:CVE-2014-2171

LAST UPDATE DATE
2024-11-23T22:02:10.709000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-70110date:2014-05-02T00:00:00
db:BIDid:67170date:2014-05-09T00:42:00
db:JVNDBid:JVNDB-2014-002372date:2014-05-07T00:00:00
db:CNNVDid:CNNVD-201405-034date:2014-05-07T00:00:00
db:NVDid:CVE-2014-2171date:2024-11-21T02:05:47.167

SOURCES RELEASE DATE
db:VULHUBid:VHN-70110date:2014-05-02T00:00:00
db:BIDid:67170date:2014-04-30T00:00:00
db:JVNDBid:JVNDB-2014-002372date:2014-05-07T00:00:00
db:CNNVDid:CNNVD-201405-034date:2014-05-07T00:00:00
db:NVDid:CVE-2014-2171date:2014-05-02T10:55:08.367