ID

VAR-201509-0009


CVE

CVE-2015-6284


TITLE

Multiple Cisco TelePresence Server Device Conference Control Protocol API Buffer Overflow Vulnerability in Java Implementation

Trust: 0.8

sources: JVNDB: JVNDB-2015-004940

DESCRIPTION

Buffer overflow in the Conference Control Protocol API implementation in Cisco TelePresence Server software before 4.1(2.33) on 7010, MSE 8710, Multiparty Media 310 and 320, and Virtual Machine devices allows remote attackers to cause a denial of service (device crash) via a crafted URL, aka Bug ID CSCuu28277. The vendor has published this vulnerability as Bug ID CSCuu28277. A third party may cause a denial of service (device crash) via a crafted URL. Attackers can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCuu28277. The solution provides components such as audio and video spaces, which can provide remote participants with a "face-to-face" virtual meeting room effect. The vulnerability is caused by the program not properly filtering user input.

Trust: 1.98

sources: NVD: CVE-2015-6284 // JVNDB: JVNDB-2015-004940 // BID: 76758 // VULHUB: VHN-84245

AFFECTED PRODUCTS

vendor: cisco // model: telepresence server software // scope: eq // version: 3.1(1.80)

Trust: 1.6

vendor: cisco // model: telepresence server software // scope: eq // version: 2.3(1.57)

Trust: 1.6

vendor: cisco // model: telepresence server software // scope: eq // version: 3.1(1.82)

Trust: 1.6

vendor: cisco // model: telepresence server software // scope: eq // version: 4.0(1.57)

Trust: 1.6

vendor: cisco // model: telepresence server software // scope: eq // version: 4.1(1.79)

Trust: 1.6

vendor: cisco // model: telepresence server software // scope: eq // version: 3.0(2.24)

Trust: 1.6

vendor: cisco // model: telepresence server software // scope: eq // version: 2.3(1.55)

Trust: 1.6

vendor: cisco // model: telepresence server software // scope: eq // version: 4.0(2.8)

Trust: 1.6

vendor: cisco // model: telepresence server software // scope: eq // version: 3.1(1.96)

Trust: 1.6

vendor: cisco // model: telepresence server software // scope: eq // version: 3.1(1.95)

Trust: 1.6

vendor: cisco // model: telepresence server software // scope: eq // version: 3.0(2.49)

Trust: 1.0

vendor: cisco // model: telepresence server software // scope: eq // version: 3.0(2.46)

Trust: 1.0

vendor: cisco // model: telepresence server software // scope: eq // version: 3.1(1.97)

Trust: 1.0

vendor: cisco // model: telepresence server software // scope: eq // version: 3.1(1.98)

Trust: 1.0

vendor: cisco // model: telepresence server software // scope: eq // version: 3.0(2.48)

Trust: 1.0

vendor: cisco // model: telepresence server software // scope: eq // version: 2.3 (1.55)

Trust: 0.8

vendor: cisco // model: telepresence server software // scope: eq // version: 2.3 (1.57)

Trust: 0.8

vendor: cisco // model: telepresence server software // scope: eq // version: 2.3 (1.58)

Trust: 0.8

vendor: cisco // model: telepresence server software // scope: eq // version: 3.0 (2.24)

Trust: 0.8

vendor: cisco // model: telepresence server software // scope: eq // version: 3.0 (2.46)

Trust: 0.8

vendor: cisco // model: telepresence server software // scope: eq // version: 3.0 (2.48)

Trust: 0.8

vendor: cisco // model: telepresence server software // scope: eq // version: 3.0 (2.49)

Trust: 0.8

vendor: cisco // model: telepresence server software // scope: eq // version: 3.1 (1.80)

Trust: 0.8

vendor: cisco // model: telepresence server software // scope: eq // version: 3.1 (1.82)

Trust: 0.8

vendor: cisco // model: telepresence server software // scope: eq // version: 3.1 (1.95)

Trust: 0.8

vendor: cisco // model: telepresence server software // scope: eq // version: 3.1 (1.96)

Trust: 0.8

vendor: cisco // model: telepresence server software // scope: eq // version: 3.1 (1.97)

Trust: 0.8

vendor: cisco // model: telepresence server software // scope: eq // version: 3.1 (1.98)

Trust: 0.8

vendor: cisco // model: telepresence server software // scope: eq // version: 4.0 (1.57)

Trust: 0.8

vendor: cisco // model: telepresence server software // scope: eq // version: 4.0 (2.8)

Trust: 0.8

vendor: cisco // model: telepresence server software // scope: eq // version: 4.1 (1.79)

Trust: 0.8

vendor: cisco // model: telepresence server software // scope: eq // version: 4.1(1.79)

Trust: 0.3

vendor: cisco // model: telepresence server software // scope: eq // version: 4.0(2.8)

Trust: 0.3

vendor: cisco // model: telepresence server software // scope: eq // version: 4.0(1.57)

Trust: 0.3

vendor: cisco // model: telepresence server software // scope: eq // version: 3.1(1.98)

Trust: 0.3

vendor: cisco // model: telepresence server software // scope: eq // version: 3.1(1.97)

Trust: 0.3

vendor: cisco // model: telepresence server software // scope: eq // version: 3.1(1.96)

Trust: 0.3

vendor: cisco // model: telepresence server software // scope: eq // version: 3.1(1.95)

Trust: 0.3

vendor: cisco // model: telepresence server software // scope: eq // version: 3.1(1.82)

Trust: 0.3

vendor: cisco // model: telepresence server software // scope: eq // version: 3.1(1.80)

Trust: 0.3

vendor: cisco // model: telepresence server software // scope: eq // version: 3.0(2.49)

Trust: 0.3

vendor: cisco // model: telepresence server software // scope: eq // version: 3.0(2.48)

Trust: 0.3

vendor: cisco // model: telepresence server software // scope: eq // version: 3.0(2.46)

Trust: 0.3

vendor: cisco // model: telepresence server software // scope: eq // version: 3.0(2.24)

Trust: 0.3

vendor: cisco // model: telepresence server software // scope: eq // version: 2.3(1.58)

Trust: 0.3

vendor: cisco // model: telepresence server software // scope: eq // version: 2.3(1.57)

Trust: 0.3

vendor: cisco // model: telepresence server software // scope: eq // version: 2.3(1.55)

Trust: 0.3

vendor: cisco // model: telepresence server on virtual machine // scope: eq // version: 0

Trust: 0.3

vendor: cisco // model: telepresence server on multiparty media // scope: eq // version: 3200

Trust: 0.3

vendor: cisco // model: telepresence server on multiparty media // scope: eq // version: 3100

Trust: 0.3

vendor: cisco // model: telepresence server mse // scope: eq // version: 87100

Trust: 0.3

vendor: cisco // model: telepresence server // scope: eq // version: 70100

Trust: 0.3

vendor: cisco // model: telepresence server software // scope: ne // version: 4.1(2.33)

Trust: 0.3

sources: BID: 76758 // JVNDB: JVNDB-2015-004940 // CNNVD: CNNVD-201509-247 // NVD: CVE-2015-6284

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-6284
value: HIGH

Trust: 1.0

NVD: CVE-2015-6284
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201509-247
value: HIGH

Trust: 0.6

VULHUB: VHN-84245
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-6284
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-84245
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-84245 // JVNDB: JVNDB-2015-004940 // CNNVD: CNNVD-201509-247 // NVD: CVE-2015-6284

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-84245 // JVNDB: JVNDB-2015-004940 // NVD: CVE-2015-6284

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201509-247

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201509-247

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004940

PATCH

title: cisco-sa-20150916-tps // url: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-tps

Trust: 0.8

title: 40749 // url: http://tools.cisco.com/security/center/viewAlert.x?alertId=40749

Trust: 0.8

title: cisco-sa-20150916-tps // url: http://www.cisco.com/cisco/web/support/JP/113/1135/1135306_cisco-sa-20150916-tps-j.html

Trust: 0.8

sources: JVNDB: JVNDB-2015-004940

EXTERNAL IDS

db: NVD // id: CVE-2015-6284

Trust: 2.8

db: SECTRACK // id: 1033580

Trust: 1.1

db: BID // id: 76758

Trust: 1.0

db: JVNDB // id: JVNDB-2015-004940

Trust: 0.8

db: CNNVD // id: CNNVD-201509-247

Trust: 0.7

db: VULHUB // id: VHN-84245

Trust: 0.1

sources: VULHUB: VHN-84245 // BID: 76758 // JVNDB: JVNDB-2015-004940 // CNNVD: CNNVD-201509-247 // NVD: CVE-2015-6284

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150916-tps

Trust: 2.0

url:http://www.securitytracker.com/id/1033580

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6284

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6284

Trust: 0.8

url:http://www.securityfocus.com/bid/76758

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

url:http://www.cisco.com/c/en/us/products/conferencing/telepresence-server/index.html

Trust: 0.3

url:http://tools.cisco.com/security/center/viewalert.x?alertid=40749

Trust: 0.3

sources: VULHUB: VHN-84245 // BID: 76758 // JVNDB: JVNDB-2015-004940 // CNNVD: CNNVD-201509-247 // NVD: CVE-2015-6284

CREDITS

Cisco

Trust: 0.9

sources: BID: 76758 // CNNVD: CNNVD-201509-247

SOURCES

db: VULHUB // id: VHN-84245
db: BID // id: 76758
db: JVNDB // id: JVNDB-2015-004940
db: CNNVD // id: CNNVD-201509-247
db: NVD // id: CVE-2015-6284

LAST UPDATE DATE

2024-11-23T22:59:31.569000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-84245 // date: 2016-12-29T00:00:00
db: BID // id: 76758 // date: 2015-09-16T00:00:00
db: JVNDB // id: JVNDB-2015-004940 // date: 2015-09-30T00:00:00
db: CNNVD // id: CNNVD-201509-247 // date: 2015-09-18T00:00:00
db: NVD // id: CVE-2015-6284 // date: 2024-11-21T02:34:42.013

SOURCES RELEASE DATE

db: VULHUB // id: VHN-84245 // date: 2015-09-20T00:00:00
db: BID // id: 76758 // date: 2015-09-16T00:00:00
db: JVNDB // id: JVNDB-2015-004940 // date: 2015-09-30T00:00:00
db: CNNVD // id: CNNVD-201509-247 // date: 2015-09-18T00:00:00
db: NVD // id: CVE-2015-6284 // date: 2015-09-20T14:59:02.367