Details of VAR-201410-0994

ID

VAR-201410-0994

CVE

CVE-2014-3369

TITLE

Cisco TelePresence Video Communication Server and Expressway Software SIP IX Service disruption in implementations (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2014-004981

DESCRIPTION

The SIP IX implementation in Cisco TelePresence Video Communication Server (VCS) and Expressway Software before X8.1.1 allows remote attackers to cause a denial of service (device reload) via crafted SDP packets, aka Bug ID CSCuo42252. Cisco TelePresence VCS and Expressway are prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause the affected device to crash, denying service to legitimate users. This issue is tracked by Cisco Bug ID CSCuo42252. The vulnerability is caused by the incorrect processing of SDP packets when the program configures the IX filter

Trust: 1.98

sources: NVD: CVE-2014-3369 // JVNDB: JVNDB-2014-004981 // BID: 70590 // VULHUB: VHN-71309

AFFECTED PRODUCTS

vendor:	cisco	model:	expressway software	scope:	lte	version:	x8.1	Trust: 1.0
vendor:	cisco	model:	telepresence video communication server software	scope:	lte	version:	x8.1	Trust: 1.0
vendor:	cisco	model:	expressway software	scope:	lt	version:	x8.1.1	Trust: 0.8
vendor:	cisco	model:	telepresence video communication server	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	telepresence video communication server software	scope:	lt	version:	x8.1.1	Trust: 0.8
vendor:	cisco	model:	expressway software	scope:	eq	version:	x8.1	Trust: 0.6
vendor:	cisco	model:	telepresence video communication server software	scope:	eq	version:	x8.1	Trust: 0.6

sources: JVNDB: JVNDB-2014-004981 // CNNVD: CNNVD-201410-629 // NVD: CVE-2014-3369

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-3369
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-3369
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201410-629
value:	HIGH
Trust: 0.6
VULHUB:	VHN-71309
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-3369
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-71309
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-71309 // JVNDB: JVNDB-2014-004981 // CNNVD: CNNVD-201410-629 // NVD: CVE-2014-3369

PROBLEMTYPE DATA

problemtype:

CWE-399

Trust: 1.9

sources: VULHUB: VHN-71309 // JVNDB: JVNDB-2014-004981 // NVD: CVE-2014-3369

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201410-629

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201410-629

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-004981

PATCH

title:	cisco-sa-20141015-vcs	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-vcs	Trust: 0.8
title:	35828	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=35828	Trust: 0.8
title:	cisco-sa-20141015-vcs	url:	http://www.cisco.com/cisco/web/support/JP/112/1126/1126346_cisco-sa-20141015-vcs-j.html	Trust: 0.8

sources: JVNDB: JVNDB-2014-004981

EXTERNAL IDS

db:	NVD	id:	CVE-2014-3369	Trust: 2.8
db:	SECUNIA	id:	60850	Trust: 1.1
db:	SECTRACK	id:	1031055	Trust: 1.1
db:	JVNDB	id:	JVNDB-2014-004981	Trust: 0.8
db:	CNNVD	id:	CNNVD-201410-629	Trust: 0.7
db:	BID	id:	70590	Trust: 0.4
db:	VULHUB	id:	VHN-71309	Trust: 0.1

sources: VULHUB: VHN-71309 // BID: 70590 // JVNDB: JVNDB-2014-004981 // CNNVD: CNNVD-201410-629 // NVD: CVE-2014-3369

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20141015-vcs	Trust: 1.7
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=35828	Trust: 1.1
url:	http://www.securitytracker.com/id/1031055	Trust: 1.1
url:	http://secunia.com/advisories/60850	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3369	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3369	Trust: 0.8
url:	www.cisco.com/en/us/products/ps11337/index.html	Trust: 0.3
url:	www.cisco.com	Trust: 0.3

sources: VULHUB: VHN-71309 // BID: 70590 // JVNDB: JVNDB-2014-004981 // CNNVD: CNNVD-201410-629 // NVD: CVE-2014-3369

CREDITS

Cisco

Trust: 0.3

sources: BID: 70590

SOURCES

db:	VULHUB	id:	VHN-71309
db:	BID	id:	70590
db:	JVNDB	id:	JVNDB-2014-004981
db:	CNNVD	id:	CNNVD-201410-629
db:	NVD	id:	CVE-2014-3369

LAST UPDATE DATE

2024-11-23T22:02:02.363000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-71309	date:	2015-10-08T00:00:00
db:	BID	id:	70590	date:	2014-10-15T00:00:00
db:	JVNDB	id:	JVNDB-2014-004981	date:	2014-10-24T00:00:00
db:	CNNVD	id:	CNNVD-201410-629	date:	2014-10-22T00:00:00
db:	NVD	id:	CVE-2014-3369	date:	2024-11-21T02:07:57.480

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-71309	date:	2014-10-19T00:00:00
db:	BID	id:	70590	date:	2014-10-15T00:00:00
db:	JVNDB	id:	JVNDB-2014-004981	date:	2014-10-24T00:00:00
db:	CNNVD	id:	CNNVD-201410-629	date:	2014-10-22T00:00:00
db:	NVD	id:	CVE-2014-3369	date:	2014-10-19T01:55:13.527