Details of VAR-201410-0993

ID

VAR-201410-0993

CVE

CVE-2014-3368

TITLE

Cisco TelePresence Video Communication Server and Expressway Denial of service in software (DoS) Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-004980

DESCRIPTION

Cisco TelePresence Video Communication Server (VCS) and Expressway Software before X8.2 allow remote attackers to cause a denial of service (device reload) via a high rate of crafted packets, aka Bug ID CSCui06507. Vendors report this vulnerability Bug ID CSCui06507 Published as.Denial of service via third-party, heavily crafted packets ( Device reload ) May be in a state. An attacker can exploit this issue to cause the kernel to crash and reload the affected system, denying service to legitimate users. The issue is documented by Cisco Bug ID CSCui06507

Trust: 1.98

sources: NVD: CVE-2014-3368 // JVNDB: JVNDB-2014-004980 // BID: 70589 // VULHUB: VHN-71308

AFFECTED PRODUCTS

vendor:	cisco	model:	expressway software	scope:	lte	version:	x8.1	Trust: 1.0
vendor:	cisco	model:	telepresence video communication server software	scope:	lte	version:	x8.1	Trust: 1.0
vendor:	cisco	model:	expressway software	scope:	lt	version:	x8.2	Trust: 0.8
vendor:	cisco	model:	telepresence video communication server	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	telepresence video communication server software	scope:	lt	version:	x8.2	Trust: 0.8
vendor:	cisco	model:	expressway software	scope:	eq	version:	x8.1	Trust: 0.6
vendor:	cisco	model:	telepresence video communication server software	scope:	eq	version:	x8.1	Trust: 0.6

sources: JVNDB: JVNDB-2014-004980 // CNNVD: CNNVD-201410-628 // NVD: CVE-2014-3368

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-3368
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-3368
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201410-628
value:	HIGH
Trust: 0.6
VULHUB:	VHN-71308
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-3368
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-71308
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-71308 // JVNDB: JVNDB-2014-004980 // CNNVD: CNNVD-201410-628 // NVD: CVE-2014-3368

PROBLEMTYPE DATA

problemtype:

CWE-399

Trust: 1.9

sources: VULHUB: VHN-71308 // JVNDB: JVNDB-2014-004980 // NVD: CVE-2014-3368

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201410-628

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201410-628

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-004980

PATCH

title:	cisco-sa-20141015-vcs	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-vcs	Trust: 0.8
title:	22477	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=22477	Trust: 0.8
title:	cisco-sa-20141015-vcs	url:	http://www.cisco.com/cisco/web/support/JP/112/1126/1126346_cisco-sa-20141015-vcs-j.html	Trust: 0.8

sources: JVNDB: JVNDB-2014-004980

EXTERNAL IDS

db:	NVD	id:	CVE-2014-3368	Trust: 2.8
db:	SECUNIA	id:	60850	Trust: 1.1
db:	SECTRACK	id:	1031055	Trust: 1.1
db:	JVNDB	id:	JVNDB-2014-004980	Trust: 0.8
db:	CNNVD	id:	CNNVD-201410-628	Trust: 0.7
db:	BID	id:	70589	Trust: 0.4
db:	VULHUB	id:	VHN-71308	Trust: 0.1

sources: VULHUB: VHN-71308 // BID: 70589 // JVNDB: JVNDB-2014-004980 // CNNVD: CNNVD-201410-628 // NVD: CVE-2014-3368

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20141015-vcs	Trust: 1.7
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=35827	Trust: 1.1
url:	http://www.securitytracker.com/id/1031055	Trust: 1.1
url:	http://secunia.com/advisories/60850	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3368	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3368	Trust: 0.8
url:	www.cisco.com/en/us/products/ps11337/index.html	Trust: 0.3
url:	www.cisco.com	Trust: 0.3

sources: VULHUB: VHN-71308 // BID: 70589 // JVNDB: JVNDB-2014-004980 // CNNVD: CNNVD-201410-628 // NVD: CVE-2014-3368

CREDITS

Cisco

Trust: 0.3

sources: BID: 70589

SOURCES

db:	VULHUB	id:	VHN-71308
db:	BID	id:	70589
db:	JVNDB	id:	JVNDB-2014-004980
db:	CNNVD	id:	CNNVD-201410-628
db:	NVD	id:	CVE-2014-3368

LAST UPDATE DATE

2024-11-23T22:02:02.332000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-71308	date:	2015-10-08T00:00:00
db:	BID	id:	70589	date:	2014-10-15T00:00:00
db:	JVNDB	id:	JVNDB-2014-004980	date:	2014-10-24T00:00:00
db:	CNNVD	id:	CNNVD-201410-628	date:	2014-10-22T00:00:00
db:	NVD	id:	CVE-2014-3368	date:	2024-11-21T02:07:57.360

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-71308	date:	2014-10-19T00:00:00
db:	BID	id:	70589	date:	2014-10-15T00:00:00
db:	JVNDB	id:	JVNDB-2014-004980	date:	2014-10-24T00:00:00
db:	CNNVD	id:	CNNVD-201410-628	date:	2014-10-22T00:00:00
db:	NVD	id:	CVE-2014-3368	date:	2014-10-19T01:55:13.480