Details of VAR-201410-0995

ID

VAR-201410-0995

CVE

CVE-2014-3370

TITLE

Cisco TelePresence Video Communication Server and Expressway Service disruption in software (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2014-004982

DESCRIPTION

Cisco TelePresence Video Communication Server (VCS) and Expressway Software before X8.1.1 allow remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug IDs CSCum60442 and CSCum60447. Vendors have confirmed this vulnerability Bug ID CSCum60442 and CSCum60447 It is released as.By a third party SDP Service disruption via packets ( Device reload ) There is a possibility of being put into a state. Cisco TelePresence VCS and Expressway are prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause the affected device to crash, denying service to legitimate users. This issue is being tracked by Cisco Bug IDs CSCum60447 and CSCum60442. The vulnerability is caused by the program not handling SIP packets correctly

Trust: 1.98

sources: NVD: CVE-2014-3370 // JVNDB: JVNDB-2014-004982 // BID: 70592 // VULHUB: VHN-71310

AFFECTED PRODUCTS

vendor:	cisco	model:	expressway software	scope:	lte	version:	x8.1	Trust: 1.0
vendor:	cisco	model:	telepresence video communication server software	scope:	lte	version:	x8.1	Trust: 1.0
vendor:	cisco	model:	expressway software	scope:	lt	version:	x8.1.1	Trust: 0.8
vendor:	cisco	model:	telepresence video communication server	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	telepresence video communication server software	scope:	lt	version:	x8.1.1	Trust: 0.8
vendor:	cisco	model:	expressway software	scope:	eq	version:	x8.1	Trust: 0.6
vendor:	cisco	model:	telepresence video communication server software	scope:	eq	version:	x8.1	Trust: 0.6

sources: JVNDB: JVNDB-2014-004982 // CNNVD: CNNVD-201410-630 // NVD: CVE-2014-3370

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-3370
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-3370
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201410-630
value:	HIGH
Trust: 0.6
VULHUB:	VHN-71310
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-3370
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-71310
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-71310 // JVNDB: JVNDB-2014-004982 // CNNVD: CNNVD-201410-630 // NVD: CVE-2014-3370

PROBLEMTYPE DATA

problemtype:

CWE-399

Trust: 1.9

sources: VULHUB: VHN-71310 // JVNDB: JVNDB-2014-004982 // NVD: CVE-2014-3370

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201410-630

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201410-630

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-004982

PATCH

title:	cisco-sa-20141015-vcs	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-vcs	Trust: 0.8
title:	35829	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=35829	Trust: 0.8
title:	cisco-sa-20141015-vcs	url:	http://www.cisco.com/cisco/web/support/JP/112/1126/1126346_cisco-sa-20141015-vcs-j.html	Trust: 0.8

sources: JVNDB: JVNDB-2014-004982

EXTERNAL IDS

db:	NVD	id:	CVE-2014-3370	Trust: 2.8
db:	SECUNIA	id:	60850	Trust: 1.1
db:	SECTRACK	id:	1031055	Trust: 1.1
db:	JVNDB	id:	JVNDB-2014-004982	Trust: 0.8
db:	CNNVD	id:	CNNVD-201410-630	Trust: 0.7
db:	BID	id:	70592	Trust: 0.4
db:	VULHUB	id:	VHN-71310	Trust: 0.1

sources: VULHUB: VHN-71310 // BID: 70592 // JVNDB: JVNDB-2014-004982 // CNNVD: CNNVD-201410-630 // NVD: CVE-2014-3370

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20141015-vcs	Trust: 1.7
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=35829	Trust: 1.1
url:	http://www.securitytracker.com/id/1031055	Trust: 1.1
url:	http://secunia.com/advisories/60850	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3370	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3370	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-71310 // BID: 70592 // JVNDB: JVNDB-2014-004982 // CNNVD: CNNVD-201410-630 // NVD: CVE-2014-3370

CREDITS

Cisco

Trust: 0.3

sources: BID: 70592

SOURCES

db:	VULHUB	id:	VHN-71310
db:	BID	id:	70592
db:	JVNDB	id:	JVNDB-2014-004982
db:	CNNVD	id:	CNNVD-201410-630
db:	NVD	id:	CVE-2014-3370

LAST UPDATE DATE

2024-11-23T22:02:02.394000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-71310	date:	2015-10-08T00:00:00
db:	BID	id:	70592	date:	2014-10-15T00:00:00
db:	JVNDB	id:	JVNDB-2014-004982	date:	2014-10-24T00:00:00
db:	CNNVD	id:	CNNVD-201410-630	date:	2014-10-31T00:00:00
db:	NVD	id:	CVE-2014-3370	date:	2024-11-21T02:07:57.600

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-71310	date:	2014-10-19T00:00:00
db:	BID	id:	70592	date:	2014-10-15T00:00:00
db:	JVNDB	id:	JVNDB-2014-004982	date:	2014-10-24T00:00:00
db:	CNNVD	id:	CNNVD-201410-630	date:	2014-10-29T00:00:00
db:	NVD	id:	CVE-2014-3370	date:	2014-10-19T01:55:13.560