Details of VAR-201409-0392

ID

VAR-201409-0392

CVE

CVE-2014-3362

TITLE

Cisco TelePresence System Edge MXP Series Management Session Request Denial of Service Vulnerability

Trust: 0.9

sources: CNVD: CNVD-2014-05711 // BID: 69737

DESCRIPTION

Memory leak in Cisco TelePresence System Edge MXP Series Software F9.3.3 and earlier allows remote attackers to cause a denial of service (management outage) via multiple TELNET connections, aka Bug ID CSCuo63677. Vendors have confirmed this vulnerability Bug ID CSCuo63677 It is released as.Multiple third parties TELNET Service disruption via connection ( Stop management functions ) There is a possibility of being put into a state. Cisco TelePresence is a Cisco TelePresence solution that delivers life-size ultra-high definition video (1080p), CD-quality audio, a specially designed environment, and interactive components that provide \"face-to-face\" for remote participants. Meeting experience. Successfully exploiting this issue allows remote attackers to cause the system to become unresponsive; resulting in a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCuo63677

Trust: 2.52

sources: NVD: CVE-2014-3362 // JVNDB: JVNDB-2014-004174 // CNVD: CNVD-2014-05711 // BID: 69737 // VULHUB: VHN-71302

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-05711

AFFECTED PRODUCTS

vendor:	cisco	model:	telepresence system software	scope:	eq	version:	fnc9.1.1	Trust: 1.6
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	f9.3.1	Trust: 1.6
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	f9.1.0	Trust: 1.6
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	f9.3	Trust: 1.6
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	fnc9.1.2	Trust: 1.6
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	f9.1.2	Trust: 1.6
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	f9.0.1	Trust: 1.6
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	f9.1.1	Trust: 1.6
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	fnc9.3	Trust: 1.6
vendor:	cisco	model:	telepresence system edge 75 mxp	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	fnc9.1.0	Trust: 1.0
vendor:	cisco	model:	telepresence system edge 85 mxp	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	telepresence system edge 95 mxp	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	f9.0.2	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	lte	version:	f9.3.3	Trust: 1.0
vendor:	cisco	model:	telepresence system edge 75 mxp	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	telepresence system edge 85 mxp	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	telepresence system edge 95 mxp	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	telepresence system software	scope:	lte	version:	edge mxp series f9.3.3	Trust: 0.8
vendor:	cisco	model:	telepresence system edge mxp series	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	f9.3.3	Trust: 0.6
vendor:	cisco	model:	telepresence system edge mxp series	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2014-05711 // BID: 69737 // JVNDB: JVNDB-2014-004174 // CNNVD: CNNVD-201409-499 // NVD: CVE-2014-3362

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-3362
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-3362
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2014-05711
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201409-499
value:	HIGH
Trust: 0.6
VULHUB:	VHN-71302
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-3362
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-05711
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-71302
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2014-05711 // VULHUB: VHN-71302 // JVNDB: JVNDB-2014-004174 // CNNVD: CNNVD-201409-499 // NVD: CVE-2014-3362

PROBLEMTYPE DATA

problemtype:

CWE-399

Trust: 1.9

sources: VULHUB: VHN-71302 // JVNDB: JVNDB-2014-004174 // NVD: CVE-2014-3362

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201409-499

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201409-499

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-004174

PATCH

title:	Cisco TelePresence System MXP Series Software Denial of Service Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3362	Trust: 0.8
title:	35674	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=35674	Trust: 0.8

sources: JVNDB: JVNDB-2014-004174

EXTERNAL IDS

db:	NVD	id:	CVE-2014-3362	Trust: 3.4
db:	SECUNIA	id:	61072	Trust: 1.1
db:	BID	id:	69737	Trust: 1.0
db:	JVNDB	id:	JVNDB-2014-004174	Trust: 0.8
db:	CNNVD	id:	CNNVD-201409-499	Trust: 0.7
db:	CNVD	id:	CNVD-2014-05711	Trust: 0.6
db:	VULHUB	id:	VHN-71302	Trust: 0.1

sources: CNVD: CNVD-2014-05711 // VULHUB: VHN-71302 // BID: 69737 // JVNDB: JVNDB-2014-004174 // CNNVD: CNNVD-201409-499 // NVD: CVE-2014-3362

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3362	Trust: 2.6
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=35674	Trust: 1.7
url:	http://secunia.com/advisories/61072	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/95883	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3362	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3362	Trust: 0.8
url:	http://www.securityfocus.com/bid/69737	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2014-05711 // VULHUB: VHN-71302 // BID: 69737 // JVNDB: JVNDB-2014-004174 // CNNVD: CNNVD-201409-499 // NVD: CVE-2014-3362

CREDITS

Cisco

Trust: 0.3

sources: BID: 69737

SOURCES

db:	CNVD	id:	CNVD-2014-05711
db:	VULHUB	id:	VHN-71302
db:	BID	id:	69737
db:	JVNDB	id:	JVNDB-2014-004174
db:	CNNVD	id:	CNNVD-201409-499
db:	NVD	id:	CVE-2014-3362

LAST UPDATE DATE

2024-11-23T22:18:34.587000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-05711	date:	2014-09-15T00:00:00
db:	VULHUB	id:	VHN-71302	date:	2017-08-29T00:00:00
db:	BID	id:	69737	date:	2014-09-10T00:00:00
db:	JVNDB	id:	JVNDB-2014-004174	date:	2014-09-16T00:00:00
db:	CNNVD	id:	CNNVD-201409-499	date:	2014-09-15T00:00:00
db:	NVD	id:	CVE-2014-3362	date:	2024-11-21T02:07:56.640

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-05711	date:	2014-09-15T00:00:00
db:	VULHUB	id:	VHN-71302	date:	2014-09-12T00:00:00
db:	BID	id:	69737	date:	2014-09-10T00:00:00
db:	JVNDB	id:	JVNDB-2014-004174	date:	2014-09-16T00:00:00
db:	CNNVD	id:	CNNVD-201409-499	date:	2014-09-15T00:00:00
db:	NVD	id:	CVE-2014-3362	date:	2014-09-12T01:55:07.013