10 - cisco-sa-20150311-vcs

Executive Summary

Summary
Title	Multiple Vulnerabilities in Cisco TelePresence Video Communication Server, Cisco Expressway and Cisco TelePresence Conductor

Informations
Name	cisco-sa-20150311-vcs	First vendor Publication	2015-03-11
Vendor	Cisco	Last vendor Modification	2015-03-11
Severity (Vendor)	N/A	Revision	1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score	10	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Cisco TelePresence Video Communication Server (VCS), Cisco Expressway and Cisco TelePresence Conductor contain the following vulnerabilities:

* SDP Media Description Denial of Service Vulnerability * Authentication Bypass Vulnerability

Successful exploitation of the SDP Media Description Denial of Service Vulnerability may cause the affected system to reload. Successful exploitation of the Authentication Bypass Vulnerability may allow an attacker to bypass authentication and log in to the system with the privileges of an administrator.

Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are not available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150311-vcs

BEGIN PGP SIGNATURE Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJVAF7aAAoJEIpI1I6i1Mx3S10QAJhIupf/Gj2IJHMjYSd6JXH5 LvkDmwfuphrOHSVw2+OnWlFVK37qHg6JYQl12Wv7DQ8novToZrSJtn++KkjrwrE1 Tq9E5pAU36SBQhVlVGIPqGqQWVny3QxkddEaXPZoVdhTukyYV+enlM11FmfbER9k eFiBFcsBtDE9pF3owTqoavw5KoyQYq3uVpMnHuP1k4ite5tBmrrMa8xYxv/t0TMb CYzXbiIZ1C1coJbQuJP48Oj7ogmV9nqFXB+kdN+9GLlN5pLMzng2Ww5zdTOtfh3X wY5U5lQL3BOF5eJUU8XBBnho0JnaIkphLbZqkCCEgD5xYbtF2PWPpUDn7MYk0PyA FiMVbjyQKuTynTPtPYf0cKE/YlbaJbgYiJDqqyyf2cwD8LGPpUZ//NbYtCceROR9 fCAsBLeFKqZHHGc5d0ZdZhEytMeG4T262S3qAPba0RLRMGeKFq+lNLLI5pqZe1ON 7QSHBBmazwun1jsBA8bi+ZmYfOlt5hm3WSVs03JC231miZZCYUUpYLULgwwxkEq2 3MsHftzaWez70y/JY1JAFT6cQGgBn/XKwVtzFDZA/TXpPBnyoP05U1aK/HACYW30 XDa+oPiCgLsqB4zBlE8LCGxaULkrwEdyeEtXz3EnJDiPZPXPANElQ4syyxjBoYvX b/06KvYeUJ2Ho8WK140j =XBC5 END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com

Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

%	Id	Name
50 %	CWE-287	Improper Authentication
50 %	CWE-20	Improper Input Validation

CPE : Common Platform Enumeration

Type	Description	Count
Application	Cisco Expressway Software cpe:2.3:a:cisco:expressway_software::::::::	1
Application	Cisco Telepresence Conductor cpe:2.3:a:cisco:telepresence_conductor::::::::	1
Application	Cisco Telepresence Video Communication Server Software cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.2.1:::::::* cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.2_base:::::::* cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.1.2:::::::* cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.1.1:::::::* cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.1_base:::::::* cpe:2.3:a:cisco:telepresence_video_communication_server_software:x7.2.1:::::::* cpe:2.3:a:cisco:telepresence_video_communication_server_software:x7.2:::::::* cpe:2.3:a:cisco:telepresence_video_communication_server_software:x7.1:::::::* cpe:2.3:a:cisco:telepresence_video_communication_server_software:x6.1:::::::* cpe:2.3:a:cisco:telepresence_video_communication_server_software:x6.0:::::::* cpe:2.3:a:cisco:telepresence_video_communication_server_software::::::::	11

Information Assurance Vulnerability Management (IAVM)

Date	Description
2015-03-19	IAVM : 2015-A-0058 - Multiple Vulnerabilities in Cisco TelePresence Video Communication Server (VCS) Severity : Category I - VMSKEY : V0059297

Snort® IPS/IDS

Date	Description
2015-03-17	Cisco TelePresence Video Communication Server authentication bypass attempt RuleID : 33871 - Revision : 2 - Type : SERVER-WEBAPP
2015-03-17	Cisco TelePresence Video Communication Server SDP media description denial of... RuleID : 33870 - Revision : 1 - Type : PROTOCOL-VOIP
2015-03-17	Cisco TelePresence Video Communication Server SDP media description denial of... RuleID : 33869 - Revision : 1 - Type : PROTOCOL-VOIP

Nessus® Vulnerability Scanner

Date	Description
2015-03-20	Name : The remote host is affected by a security bypass vulnerability. File : cisco_telepresence_conductor_sa_CSCur05556.nasl - Type : ACT_GATHER_INFO
2015-03-20	Name : The remote host is affected by a security bypass vulnerability. File : cisco_telepresence_vcs_sa_CSCur02680.nasl - Type : ACT_GATHER_INFO
2015-03-19	Name : The remote host is affected by a denial of service vulnerability. File : cisco_telepresence_conductor_sa_CSCun73192.nasl - Type : ACT_GATHER_INFO
2015-03-19	Name : The remote host is affected by a denial of service vulnerability. File : cisco_telepresence_vcs_sa_CSCus96593.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2015-10-18 17:22:07	Multiple Updates
2015-03-21 13:27:28	Multiple Updates
2015-03-20 13:28:42	Multiple Updates
2015-03-17 21:26:19	Multiple Updates
2015-03-14 00:26:01	Multiple Updates
2015-03-11 21:22:06	First insertion

Global Informations

Type	Count
CWE ID(s)	2
CPE ID(s)	13
IAVM(s)	1
Snort® Rule(s)	3
Nessus® Exploit(s)	4

	Related
10	CVE-2015-0653
7.8	CVE-2015-0652
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 2 more Alert(s)

10 - cisco-sa-20150311-vcs

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

CPE : Common Platform Enumeration

Information Assurance Vulnerability Management (IAVM)

Snort® IPS/IDS

Nessus® Vulnerability Scanner

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU