Details of VAR-201604-0007

ID

VAR-201604-0007

CVE

CVE-2015-6313

TITLE

Run on multiple devices Cisco TelePresence Server Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-007018

DESCRIPTION

Cisco TelePresence Server 4.1(2.29) through 4.2(4.17) on 7010; Mobility Services Engine (MSE) 8710; Multiparty Media 310, 320, and 820; and Virtual Machine (VM) devices allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted HTTP requests that are not followed by an unspecified negotiation, aka Bug ID CSCuv47565. Run on multiple devices Cisco TelePresence Server There is a service disruption ( Memory consumption or device reload ) There are vulnerabilities that are put into a state. Cisco TelePresence Server is prone to a denial-of-service vulnerability. An attacker can exploit this issue to consume excessive amounts of memory resources, resulting in a denial-of-service condition. This issue is being tracked by Cisco bug ID CSCuv47565. MSE is a platform (Mobile Service Engine) that can provide Wi-Fi services. The platform collects, stores and manages data from wireless clients, Cisco access points and controllers. A security vulnerability exists in Cisco TelePresence Server due to the improper handling of specially crafted URLs by the HTTP parsing engine

Trust: 1.98

sources: NVD: CVE-2015-6313 // JVNDB: JVNDB-2015-007018 // BID: 85881 // VULHUB: VHN-84274

AFFECTED PRODUCTS

vendor:	sun	model:	opensolaris	scope:	eq	version:	snv_124	Trust: 1.0
vendor:	zyxel	model:	gs1900-10hp	scope:	lt	version:	2.50\(aazi.0\)c0	Trust: 1.0
vendor:	zzinc	model:	keymouse	scope:	eq	version:	3.08	Trust: 1.0
vendor:	cisco	model:	telepresence server software	scope:	eq	version:	4.1(2.29) to 4.2(4.17)	Trust: 0.8
vendor:	cisco	model:	telepresence server software	scope:	eq	version:	4.1\\\(2.33\\\)	Trust: 0.6
vendor:	cisco	model:	telepresence server software	scope:	eq	version:	4.1\\\(2.29\\\)	Trust: 0.6
vendor:	cisco	model:	telepresence server software	scope:	eq	version:	4.2\\\(4.17\\\)	Trust: 0.6

sources: JVNDB: JVNDB-2015-007018 // CNNVD: CNNVD-201604-039 // NVD: CVE-2015-6313

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-6313
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-6313
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201604-039
value:	HIGH
Trust: 0.6
VULHUB:	VHN-84274
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-6313
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-84274
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2015-6313
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-84274 // JVNDB: JVNDB-2015-007018 // CNNVD: CNNVD-201604-039 // NVD: CVE-2015-6313

PROBLEMTYPE DATA

problemtype:

CWE-399

Trust: 1.9

sources: VULHUB: VHN-84274 // JVNDB: JVNDB-2015-007018 // NVD: CVE-2015-6313

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201604-039

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201604-039

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-007018

PATCH

title:	cisco-sa-20160406-cts1	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts1	Trust: 0.8
title:	Cisco TelePresence Server Remediation measures for denial of service vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60774	Trust: 0.6

sources: JVNDB: JVNDB-2015-007018 // CNNVD: CNNVD-201604-039

EXTERNAL IDS

db:	NVD	id:	CVE-2015-6313	Trust: 2.8
db:	SECTRACK	id:	1035501	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-007018	Trust: 0.8
db:	CNNVD	id:	CNNVD-201604-039	Trust: 0.7
db:	BID	id:	85881	Trust: 0.4
db:	VULHUB	id:	VHN-84274	Trust: 0.1

sources: VULHUB: VHN-84274 // BID: 85881 // JVNDB: JVNDB-2015-007018 // CNNVD: CNNVD-201604-039 // NVD: CVE-2015-6313

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160406-cts1	Trust: 1.7
url:	http://www.securitytracker.com/id/1035501	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6313	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6313	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-84274 // BID: 85881 // JVNDB: JVNDB-2015-007018 // CNNVD: CNNVD-201604-039 // NVD: CVE-2015-6313

CREDITS

Cisco

Trust: 0.3

sources: BID: 85881

SOURCES

db:	VULHUB	id:	VHN-84274
db:	BID	id:	85881
db:	JVNDB	id:	JVNDB-2015-007018
db:	CNNVD	id:	CNNVD-201604-039
db:	NVD	id:	CVE-2015-6313

LAST UPDATE DATE

2024-11-23T21:43:13.606000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-84274	date:	2016-12-03T00:00:00
db:	BID	id:	85881	date:	2016-04-06T00:00:00
db:	JVNDB	id:	JVNDB-2015-007018	date:	2016-04-08T00:00:00
db:	CNNVD	id:	CNNVD-201604-039	date:	2016-04-07T00:00:00
db:	NVD	id:	CVE-2015-6313	date:	2024-11-21T02:34:45.620

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-84274	date:	2016-04-06T00:00:00
db:	BID	id:	85881	date:	2016-04-06T00:00:00
db:	JVNDB	id:	JVNDB-2015-007018	date:	2016-04-08T00:00:00
db:	CNNVD	id:	CNNVD-201604-039	date:	2016-04-07T00:00:00
db:	NVD	id:	CVE-2015-6313	date:	2016-04-06T23:59:01.283