Sign-up

ID

VAR-201410-0058


CVE

CVE-2014-3397


TITLE

Cisco TelePresence MCU Software network stack Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2014-004984

DESCRIPTION

The network stack in Cisco TelePresence MCU Software before 4.3(2.30) allows remote attackers to cause a denial of service (memory consumption) via crafted TCP packets, aka Bug ID CSCtz35468. Successful exploits may allow an attacker to cause the device to reload, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCtz35468. The following products running a vulnerable version of software are affected: Cisco TelePresence MCU 4200 Series Cisco TelePresence MCU 4500 Series Cisco TelePresence MCU MSE 8420. Cisco TelePresence is a set of video conferencing solutions called "TelePresence" system of Cisco (Cisco). The vulnerability is caused by the program not filtering TCP packets adequately

Trust: 1.98

sources: NVD: CVE-2014-3397 // JVNDB: JVNDB-2014-004984 // BID: 70591 // VULHUB: VHN-71337

AFFECTED PRODUCTS

vendor:ciscomodel:telepresence mcu softwarescope:lteversion:4.3\(2.18\)

Trust: 1.0

vendor:ciscomodel:telepresence mcu softwarescope:ltversion:4.3(2.30)

Trust: 0.8

vendor:ciscomodel:telepresence mcu softwarescope:eqversion:4.3\(2.18\)

Trust: 0.6

sources: JVNDB: JVNDB-2014-004984 // CNNVD: CNNVD-201410-632 // NVD: CVE-2014-3397

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-3397
value: HIGH

Trust: 1.0

NVD: CVE-2014-3397
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201410-632
value: HIGH

Trust: 0.6

VULHUB: VHN-71337
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-3397
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-71337
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-71337 // JVNDB: JVNDB-2014-004984 // CNNVD: CNNVD-201410-632 // NVD: CVE-2014-3397

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-71337 // JVNDB: JVNDB-2014-004984 // NVD: CVE-2014-3397

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201410-632

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201410-632

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-004984

PATCH
title:cisco-sa-20141015-mcuurl:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-mcu
Trust: 0.8
title:36016url:http://tools.cisco.com/security/center/viewAlert.x?alertId=36016
Trust: 0.8
title:cisco-sa-20141015-mcuurl:http://www.cisco.com/cisco/web/support/JP/112/1126/1126347_cisco-sa-20141015-mcu-j.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-004984

EXTERNAL IDS
db:NVDid:CVE-2014-3397
Trust: 2.8
db:SECTRACKid:1031054
Trust: 1.1
db:SECUNIAid:60855
Trust: 1.1
db:JVNDBid:JVNDB-2014-004984
Trust: 0.8
db:CNNVDid:CNNVD-201410-632
Trust: 0.7
db:BIDid:70591
Trust: 0.4
db:VULHUBid:VHN-71337
Trust: 0.1
sources:
            
            
            VULHUB: VHN-71337 // 
            
            
            
            BID: 70591 // 
            
            
            
            JVNDB: JVNDB-2014-004984 // 
            
            
            
            CNNVD: CNNVD-201410-632 // 
            
            
            
            NVD: CVE-2014-3397

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20141015-mcu
Trust: 2.0
url:http://tools.cisco.com/security/center/viewalert.x?alertid=36016
Trust: 1.4
url:http://www.securitytracker.com/id/1031054
Trust: 1.1
url:http://secunia.com/advisories/60855
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3397
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3397
Trust: 0.8
url:http://www.cisco.com
Trust: 0.3
sources:
            
            
            VULHUB: VHN-71337 // 
            
            
            
            BID: 70591 // 
            
            
            
            JVNDB: JVNDB-2014-004984 // 
            
            
            
            CNNVD: CNNVD-201410-632 // 
            
            
            
            NVD: CVE-2014-3397

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 70591

SOURCES
db:VULHUBid:VHN-71337
db:BIDid:70591
db:JVNDBid:JVNDB-2014-004984
db:CNNVDid:CNNVD-201410-632
db:NVDid:CVE-2014-3397

LAST UPDATE DATE
2024-11-23T23:09:21.854000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-71337date:2015-10-30T00:00:00
db:BIDid:70591date:2014-10-15T00:00:00
db:JVNDBid:JVNDB-2014-004984date:2014-10-24T00:00:00
db:CNNVDid:CNNVD-201410-632date:2014-10-22T00:00:00
db:NVDid:CVE-2014-3397date:2024-11-21T02:08:00.623

SOURCES RELEASE DATE
db:VULHUBid:VHN-71337date:2014-10-19T00:00:00
db:BIDid:70591date:2014-10-15T00:00:00
db:JVNDBid:JVNDB-2014-004984date:2014-10-24T00:00:00
db:CNNVDid:CNNVD-201410-632date:2014-10-22T00:00:00
db:NVDid:CVE-2014-3397date:2014-10-19T01:55:13.637