Executive Summary
Summary | |
---|---|
Title | Multiple Vulnerabilities in Cisco TelePresence Video Communication Server, Cisco Expressway and Cisco TelePresence Conductor |
Informations | |||
---|---|---|---|
Name | cisco-sa-20150311-vcs | First vendor Publication | 2015-03-11 |
Vendor | Cisco | Last vendor Modification | 2015-03-11 |
Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Cisco TelePresence Video Communication Server (VCS), Cisco Expressway and Cisco TelePresence Conductor contain the following vulnerabilities: * SDP Media Description Denial of Service Vulnerability * Authentication Bypass Vulnerability Successful exploitation of the SDP Media Description Denial of Service Vulnerability may cause the affected system to reload. Successful exploitation of the Authentication Bypass Vulnerability may allow an attacker to bypass authentication and log in to the system with the privileges of an administrator. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are not available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150311-vcs BEGIN PGP SIGNATURE Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJVAF7aAAoJEIpI1I6i1Mx3S10QAJhIupf/Gj2IJHMjYSd6JXH5 LvkDmwfuphrOHSVw2+OnWlFVK37qHg6JYQl12Wv7DQ8novToZrSJtn++KkjrwrE1 Tq9E5pAU36SBQhVlVGIPqGqQWVny3QxkddEaXPZoVdhTukyYV+enlM11FmfbER9k eFiBFcsBtDE9pF3owTqoavw5KoyQYq3uVpMnHuP1k4ite5tBmrrMa8xYxv/t0TMb CYzXbiIZ1C1coJbQuJP48Oj7ogmV9nqFXB+kdN+9GLlN5pLMzng2Ww5zdTOtfh3X wY5U5lQL3BOF5eJUU8XBBnho0JnaIkphLbZqkCCEgD5xYbtF2PWPpUDn7MYk0PyA FiMVbjyQKuTynTPtPYf0cKE/YlbaJbgYiJDqqyyf2cwD8LGPpUZ//NbYtCceROR9 fCAsBLeFKqZHHGc5d0ZdZhEytMeG4T262S3qAPba0RLRMGeKFq+lNLLI5pqZe1ON 7QSHBBmazwun1jsBA8bi+ZmYfOlt5hm3WSVs03JC231miZZCYUUpYLULgwwxkEq2 3MsHftzaWez70y/JY1JAFT6cQGgBn/XKwVtzFDZA/TXpPBnyoP05U1aK/HACYW30 XDa+oPiCgLsqB4zBlE8LCGxaULkrwEdyeEtXz3EnJDiPZPXPANElQ4syyxjBoYvX b/06KvYeUJ2Ho8WK140j =XBC5 END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-287 | Improper Authentication |
50 % | CWE-20 | Improper Input Validation |
CPE : Common Platform Enumeration
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2015-03-19 | IAVM : 2015-A-0058 - Multiple Vulnerabilities in Cisco TelePresence Video Communication Server (VCS) Severity : Category I - VMSKEY : V0059297 |
Snort® IPS/IDS
Date | Description |
---|---|
2015-03-17 | Cisco TelePresence Video Communication Server authentication bypass attempt RuleID : 33871 - Revision : 2 - Type : SERVER-WEBAPP |
2015-03-17 | Cisco TelePresence Video Communication Server SDP media description denial of... RuleID : 33870 - Revision : 1 - Type : PROTOCOL-VOIP |
2015-03-17 | Cisco TelePresence Video Communication Server SDP media description denial of... RuleID : 33869 - Revision : 1 - Type : PROTOCOL-VOIP |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-03-20 | Name : The remote host is affected by a security bypass vulnerability. File : cisco_telepresence_conductor_sa_CSCur05556.nasl - Type : ACT_GATHER_INFO |
2015-03-20 | Name : The remote host is affected by a security bypass vulnerability. File : cisco_telepresence_vcs_sa_CSCur02680.nasl - Type : ACT_GATHER_INFO |
2015-03-19 | Name : The remote host is affected by a denial of service vulnerability. File : cisco_telepresence_conductor_sa_CSCun73192.nasl - Type : ACT_GATHER_INFO |
2015-03-19 | Name : The remote host is affected by a denial of service vulnerability. File : cisco_telepresence_vcs_sa_CSCus96593.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2015-10-18 17:22:07 |
|
2015-03-21 13:27:28 |
|
2015-03-20 13:28:42 |
|
2015-03-17 21:26:19 |
|
2015-03-14 00:26:01 |
|
2015-03-11 21:22:06 |
|