Sign-up

ID

VAR-201405-0493


CVE

CVE-2014-2162


TITLE

Cisco TelePresence TC Software and TE Software SIP Service disruption in implementations (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2014-002363

DESCRIPTION

The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCud29566. Multiple remote denial-of-service vulnerabilities 2. A buffer-overflow vulnerability 3. A command-injection vulnerability 4. A command-injection vulnerability 5. A heap-based buffer-overflow vulnerability 6. A local buffer-overflow vulnerability 7. A local authentication-bypass vulnerability 8. A remote denial-of-service vulnerability Attackers can exploit these issues to execute arbitrary code in the context of the device, bypass authentication mechanisms, gain unauthorized access, execute arbitrary commands, or cause denial-of-service conditions; other attacks may also be possible. These issues are being tracked by Cisco Bug IDs CSCud29566, CSCua64961, CSCuj94651, CSCtq72699, CSCto70562, CSCua86589, CSCty44804, CSCue60211, CSCue60202, CSCud81796, CSCub67693, CSCub67692, and CSCtq78849. Cisco TelePresence is a set of video conferencing solutions called "TelePresence" system of Cisco (Cisco)

Trust: 1.98

sources: NVD: CVE-2014-2162 // JVNDB: JVNDB-2014-002363 // BID: 67170 // VULHUB: VHN-70101

AFFECTED PRODUCTS

vendor:ciscomodel:telepresence te softwarescope:eqversion:6.0

Trust: 1.8

vendor:ciscomodel:telepresence tc softwarescope:eqversion:5.1.0

Trust: 1.6

vendor:ciscomodel:telepresence tc softwarescope:eqversion:5.1.1

Trust: 1.6

vendor:ciscomodel:telepresence tc softwarescope:eqversion:4.2.2

Trust: 1.6

vendor:ciscomodel:telepresence tc softwarescope:eqversion:5.0.1

Trust: 1.6

vendor:ciscomodel:telepresence tc softwarescope:eqversion:5.1.7

Trust: 1.6

vendor:ciscomodel:telepresence tc softwarescope:eqversion:5.1.2

Trust: 1.6

vendor:ciscomodel:telepresence tc softwarescope:eqversion:5.0.2

Trust: 1.6

vendor:ciscomodel:telepresence tc softwarescope:eqversion:5.1.3

Trust: 1.6

vendor:ciscomodel:telepresence tc softwarescope:eqversion:4.2.1

Trust: 1.6

vendor:ciscomodel:telepresence tc softwarescope:eqversion:5.0.0

Trust: 1.6

vendor:ciscomodel:telepresence tc softwarescope:eqversion:4.0.4

Trust: 1.0

vendor:ciscomodel:telepresence tc softwarescope:eqversion:4.2.0

Trust: 1.0

vendor:ciscomodel:telepresence tc softwarescope:eqversion:4.1.1

Trust: 1.0

vendor:ciscomodel:telepresence te softwarescope:eqversion:4.1.0

Trust: 1.0

vendor:ciscomodel:telepresence tc softwarescope:eqversion:4.0.0

Trust: 1.0

vendor:ciscomodel:telepresence tc softwarescope:eqversion:4.1.2

Trust: 1.0

vendor:ciscomodel:telepresence te softwarescope:eqversion:4.1.1

Trust: 1.0

vendor:ciscomodel:telepresence tc softwarescope:eqversion:4.2.3

Trust: 1.0

vendor:ciscomodel:telepresence te softwarescope:eqversion:4.1.3

Trust: 1.0

vendor:ciscomodel:telepresence tc softwarescope:eqversion:4.0.1

Trust: 1.0

vendor:ciscomodel:telepresence tc softwarescope:eqversion:4.2.4

Trust: 1.0

vendor:ciscomodel:telepresence tc softwarescope:eqversion:5.1.6

Trust: 1.0

vendor:ciscomodel:telepresence te softwarescope:eqversion:4.1.2

Trust: 1.0

vendor:ciscomodel:telepresence tc softwarescope:eqversion:5.1.4

Trust: 1.0

vendor:ciscomodel:telepresence tc softwarescope:eqversion:5.1.5

Trust: 1.0

vendor:ciscomodel:telepresencescope: - version: -

Trust: 0.8

vendor:ciscomodel:telepresence tc softwarescope:eqversion:4.x

Trust: 0.8

vendor:ciscomodel:telepresence tc softwarescope:eqversion:5.x

Trust: 0.8

vendor:ciscomodel:telepresence te softwarescope:eqversion:4.x

Trust: 0.8

sources: JVNDB: JVNDB-2014-002363 // CNNVD: CNNVD-201405-025 // NVD: CVE-2014-2162

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-2162
value: HIGH

Trust: 1.0

NVD: CVE-2014-2162
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201405-025
value: HIGH

Trust: 0.6

VULHUB: VHN-70101
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-2162
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-70101
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-70101 // JVNDB: JVNDB-2014-002363 // CNNVD: CNNVD-201405-025 // NVD: CVE-2014-2162

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-70101 // JVNDB: JVNDB-2014-002363 // NVD: CVE-2014-2162

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201405-025

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201405-025

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-002363

PATCH
title:cisco-sa-20140430-tcteurl:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte
Trust: 0.8
title:4252/0url:http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=4252&signatureSubId=0&softwareVersion=6.0&releaseVersion=S793
Trust: 0.8
title:33891url:http://tools.cisco.com/security/center/viewAlert.x?alertId=33891
Trust: 0.8
title:cisco-sa-20140430-tcteurl:http://www.cisco.com/cisco/web/support/JP/112/1122/1122529_cisco-sa-20140430-tcte-j.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-002363

EXTERNAL IDS
db:NVDid:CVE-2014-2162
Trust: 2.8
db:JVNDBid:JVNDB-2014-002363
Trust: 0.8
db:CISCOid:20140430 MULTIPLE VULNERABILITIES IN CISCO TELEPRESENCE TC AND TE SOFTWARE
Trust: 0.6
db:CNNVDid:CNNVD-201405-025
Trust: 0.6
db:BIDid:67170
Trust: 0.3
db:VULHUBid:VHN-70101
Trust: 0.1
sources:
            
            
            VULHUB: VHN-70101 // 
            
            
            
            BID: 67170 // 
            
            
            
            JVNDB: JVNDB-2014-002363 // 
            
            
            
            CNNVD: CNNVD-201405-025 // 
            
            
            
            NVD: CVE-2014-2162

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140430-tcte
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2162
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2162
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-70101 // 
            
            
            
            BID: 67170 // 
            
            
            
            JVNDB: JVNDB-2014-002363 // 
            
            
            
            CNNVD: CNNVD-201405-025 // 
            
            
            
            NVD: CVE-2014-2162

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 67170

SOURCES
db:VULHUBid:VHN-70101
db:BIDid:67170
db:JVNDBid:JVNDB-2014-002363
db:CNNVDid:CNNVD-201405-025
db:NVDid:CVE-2014-2162

LAST UPDATE DATE
2024-11-23T22:02:10.858000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-70101date:2014-05-02T00:00:00
db:BIDid:67170date:2014-05-09T00:42:00
db:JVNDBid:JVNDB-2014-002363date:2014-05-07T00:00:00
db:CNNVDid:CNNVD-201405-025date:2014-05-07T00:00:00
db:NVDid:CVE-2014-2162date:2024-11-21T02:05:46.057

SOURCES RELEASE DATE
db:VULHUBid:VHN-70101date:2014-05-02T00:00:00
db:BIDid:67170date:2014-04-30T00:00:00
db:JVNDBid:JVNDB-2014-002363date:2014-05-07T00:00:00
db:CNNVDid:CNNVD-201405-025date:2014-05-07T00:00:00
db:NVDid:CVE-2014-2162date:2014-05-02T10:55:08.147