Details of VAR-201503-0157

ID

VAR-201503-0157

CVE

CVE-2015-0652

TITLE

plural Cisco Product Session Description Protocol Denial of service in implementation (DoS) Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-001809

DESCRIPTION

The Session Description Protocol (SDP) implementation in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway before X8.2 and Cisco TelePresence Conductor before XC2.4 allows remote attackers to cause a denial of service (mishandled exception and device reload) via a crafted media description, aka Bug IDs CSCus96593 and CSCun73192. Multiple Cisco products are prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to reload an affected device, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCus96593 and CSCun73192

Trust: 1.98

sources: NVD: CVE-2015-0652 // JVNDB: JVNDB-2015-001809 // BID: 73047 // VULHUB: VHN-78598

AFFECTED PRODUCTS

vendor:	cisco	model:	expressway software	scope:	lte	version:	x8.1.1	Trust: 1.0
vendor:	cisco	model:	telepresence video communication server software	scope:	lte	version:	x8.1.1	Trust: 1.0
vendor:	cisco	model:	telepresence conductor	scope:	lte	version:	xc2.4	Trust: 1.0
vendor:	cisco	model:	expressway software	scope:	lt	version:	x8.2	Trust: 0.8
vendor:	cisco	model:	telepresence conductor	scope:	lt	version:	xc2.4	Trust: 0.8
vendor:	cisco	model:	telepresence video communication server software	scope:	lt	version:	x8.2	Trust: 0.8
vendor:	cisco	model:	expressway software	scope:	eq	version:	x8.1.1	Trust: 0.6
vendor:	cisco	model:	telepresence conductor	scope:	eq	version:	xc2.4	Trust: 0.6
vendor:	cisco	model:	telepresence video communication server software	scope:	eq	version:	x8.1.1	Trust: 0.6
vendor:	cisco	model:	telepresence video communication server expressway	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	telepresence video communication server	scope:	eq	version:	x8.1.1	Trust: 0.3
vendor:	cisco	model:	telepresence video communication server base	scope:	eq	version:	x8.1	Trust: 0.3
vendor:	cisco	model:	telepresence video communication server	scope:	eq	version:	x7.2.2	Trust: 0.3
vendor:	cisco	model:	telepresence video communication server	scope:	eq	version:	x7.2.1	Trust: 0.3
vendor:	cisco	model:	telepresence video communication server base	scope:	eq	version:	x7.2	Trust: 0.3
vendor:	cisco	model:	telepresence video communication server base	scope:	eq	version:	x7.1	Trust: 0.3
vendor:	cisco	model:	telepresence video communication server	scope:	eq	version:	x7.0.3	Trust: 0.3
vendor:	cisco	model:	telepresence video communication server	scope:	eq	version:	x7.0.2	Trust: 0.3
vendor:	cisco	model:	telepresence video communication server	scope:	eq	version:	x7.0.1	Trust: 0.3
vendor:	cisco	model:	telepresence video communication server	scope:	eq	version:	x7.0.0	Trust: 0.3
vendor:	cisco	model:	telepresence video communication server base	scope:	eq	version:	x6.1	Trust: 0.3
vendor:	cisco	model:	telepresence video communication server base	scope:	eq	version:	x6.0	Trust: 0.3
vendor:	cisco	model:	telepresence video communication server base	scope:	eq	version:	x5.2	Trust: 0.3
vendor:	cisco	model:	telepresence vcs starter pack expressway	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	telepresence vcs control	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	telepresence conductor xc2.3.1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	telepresence conductor xc2.3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	telepresence conductor xc2.2.2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	telepresence conductor xc2.0.3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	telepresence conductor xc2.0.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	telepresence conductor xc1.2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	telepresence conductor xc1.1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	telepresence conductor xc1.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	telepresence conductor xc1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	expressway edge	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	expressway core	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	expressway	scope:	eq	version:	x8.1.1	Trust: 0.3
vendor:	cisco	model:	expressway	scope:	eq	version:	x8.1	Trust: 0.3

sources: BID: 73047 // JVNDB: JVNDB-2015-001809 // CNNVD: CNNVD-201503-307 // NVD: CVE-2015-0652

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-0652
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-0652
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201503-307
value:	HIGH
Trust: 0.6
VULHUB:	VHN-78598
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-0652
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-78598
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-78598 // JVNDB: JVNDB-2015-001809 // CNNVD: CNNVD-201503-307 // NVD: CVE-2015-0652

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-78598 // JVNDB: JVNDB-2015-001809 // NVD: CVE-2015-0652

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201503-307

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201503-307

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-001809

PATCH

title:	37541	url:	http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=37541	Trust: 0.8
title:	cisco-sa-20150311-vcs	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150311-vcs	Trust: 0.8
title:	37728	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=37728	Trust: 0.8

sources: JVNDB: JVNDB-2015-001809

EXTERNAL IDS

db:	NVD	id:	CVE-2015-0652	Trust: 2.8
db:	SECTRACK	id:	1031910	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-001809	Trust: 0.8
db:	CNNVD	id:	CNNVD-201503-307	Trust: 0.7
db:	BID	id:	73047	Trust: 0.4
db:	VULHUB	id:	VHN-78598	Trust: 0.1

sources: VULHUB: VHN-78598 // BID: 73047 // JVNDB: JVNDB-2015-001809 // CNNVD: CNNVD-201503-307 // NVD: CVE-2015-0652

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150311-vcs	Trust: 2.0
url:	http://www.securitytracker.com/id/1031910	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0652	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0652	Trust: 0.8
url:	http://www.cisco.com	Trust: 0.3
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=37728	Trust: 0.3

sources: VULHUB: VHN-78598 // BID: 73047 // JVNDB: JVNDB-2015-001809 // CNNVD: CNNVD-201503-307 // NVD: CVE-2015-0652

CREDITS

Cisco

Trust: 0.3

sources: BID: 73047

SOURCES

db:	VULHUB	id:	VHN-78598
db:	BID	id:	73047
db:	JVNDB	id:	JVNDB-2015-001809
db:	CNNVD	id:	CNNVD-201503-307
db:	NVD	id:	CVE-2015-0652

LAST UPDATE DATE

2024-11-23T22:27:11.356000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-78598	date:	2015-09-11T00:00:00
db:	BID	id:	73047	date:	2015-03-11T00:00:00
db:	JVNDB	id:	JVNDB-2015-001809	date:	2015-03-16T00:00:00
db:	CNNVD	id:	CNNVD-201503-307	date:	2015-03-16T00:00:00
db:	NVD	id:	CVE-2015-0652	date:	2024-11-21T02:23:28.633

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-78598	date:	2015-03-13T00:00:00
db:	BID	id:	73047	date:	2015-03-11T00:00:00
db:	JVNDB	id:	JVNDB-2015-001809	date:	2015-03-16T00:00:00
db:	CNNVD	id:	CNNVD-201503-307	date:	2015-03-16T00:00:00
db:	NVD	id:	CVE-2015-0652	date:	2015-03-13T01:59:31.523