Details of VAR-201501-0217

ID

VAR-201501-0217

CVE

CVE-2015-0579

TITLE

Cisco TelePresence Video Communication Server and Cisco Expressway Denial of service in Japan (DoS) Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-001041

DESCRIPTION

Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway allow remote attackers to cause a denial of service (memory and CPU consumption, and partial outage) via crafted SIP packets, aka Bug ID CSCur12473. Successful exploits may allow the attacker to cause excessive CPU usage, resulting in denial-of-service conditions. This issue is being tracked by Cisco Bug ID CSCur12473. Security vulnerabilities exist in Cisco TelePresence VCS and Cisco Expressway

Trust: 1.98

sources: NVD: CVE-2015-0579 // JVNDB: JVNDB-2015-001041 // BID: 72057 // VULHUB: VHN-78525

AFFECTED PRODUCTS

vendor:	cisco	model:	telepresence video communication server	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	expressway software	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	telepresence video communication server	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	telepresence video communication server software	scope:	lte	version:	8.2.1	Trust: 0.8
vendor:	cisco	model:	telepresence video communication server	scope:	eq	version:	expressway	Trust: 0.6
vendor:	cisco	model:	telepresence video communication server	scope:	eq	version:	control	Trust: 0.6
vendor:	cisco	model:	telepresence video communication server	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	expressway series	scope:	eq	version:	0	Trust: 0.3

sources: BID: 72057 // JVNDB: JVNDB-2015-001041 // CNNVD: CNNVD-201501-305 // NVD: CVE-2015-0579

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-0579
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-0579
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201501-305
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-78525
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-0579
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-78525
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-78525 // JVNDB: JVNDB-2015-001041 // CNNVD: CNNVD-201501-305 // NVD: CVE-2015-0579

PROBLEMTYPE DATA

problemtype:

CWE-399

Trust: 1.9

sources: VULHUB: VHN-78525 // JVNDB: JVNDB-2015-001041 // NVD: CVE-2015-0579

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201501-305

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201501-305

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-001041

PATCH

title:	Cisco TelePresence VCS and Expressway High CPU Utilization Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0579	Trust: 0.8
title:	37007	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=37007	Trust: 0.8

sources: JVNDB: JVNDB-2015-001041

EXTERNAL IDS

db:	NVD	id:	CVE-2015-0579	Trust: 2.8
db:	BID	id:	72057	Trust: 1.4
db:	SECTRACK	id:	1031541	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-001041	Trust: 0.8
db:	CNNVD	id:	CNNVD-201501-305	Trust: 0.6
db:	VULHUB	id:	VHN-78525	Trust: 0.1

sources: VULHUB: VHN-78525 // BID: 72057 // JVNDB: JVNDB-2015-001041 // CNNVD: CNNVD-201501-305 // NVD: CVE-2015-0579

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2015-0579	Trust: 2.0
url:	http://www.securityfocus.com/bid/72057	Trust: 1.1
url:	https://tools.cisco.com/security/center/viewalert.x?alertid=37007	Trust: 1.1
url:	http://www.securitytracker.com/id/1031541	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0579	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0579	Trust: 0.8
url:	http://www.cisco.com/c/en/us/products/unified-communications/expressway-series/index.html	Trust: 0.3
url:	http://www.cisco.com/	Trust: 0.3
url:	http://www.cisco.com/c/en/us/products/unified-communications/telepresence-video-communication-server-vcs/index.html	Trust: 0.3

sources: VULHUB: VHN-78525 // BID: 72057 // JVNDB: JVNDB-2015-001041 // CNNVD: CNNVD-201501-305 // NVD: CVE-2015-0579

CREDITS

Cisco

Trust: 0.3

sources: BID: 72057

SOURCES

db:	VULHUB	id:	VHN-78525
db:	BID	id:	72057
db:	JVNDB	id:	JVNDB-2015-001041
db:	CNNVD	id:	CNNVD-201501-305
db:	NVD	id:	CVE-2015-0579

LAST UPDATE DATE

2024-11-23T22:59:37.717000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-78525	date:	2017-01-06T00:00:00
db:	BID	id:	72057	date:	2015-01-13T00:00:00
db:	JVNDB	id:	JVNDB-2015-001041	date:	2015-01-19T00:00:00
db:	CNNVD	id:	CNNVD-201501-305	date:	2015-01-15T00:00:00
db:	NVD	id:	CVE-2015-0579	date:	2024-11-21T02:23:21.257

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-78525	date:	2015-01-14T00:00:00
db:	BID	id:	72057	date:	2015-01-13T00:00:00
db:	JVNDB	id:	JVNDB-2015-001041	date:	2015-01-19T00:00:00
db:	CNNVD	id:	CNNVD-201501-305	date:	2015-01-15T00:00:00
db:	NVD	id:	CVE-2015-0579	date:	2015-01-14T19:59:03.633