Executive Summary

Summary
Title Cisco TelePresence Server Crafted IPv6 Packet Handling Denial of Service Vulnerability
Informations
Name cisco-sa-20160406-cts First vendor Publication 2016-04-06
Vendor Cisco Last vendor Modification 2016-04-06
Severity (Vendor) N/A Revision 1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Cvss Base Score 7.1 Attack Range Network
Cvss Impact Score 6.9 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A vulnerability in Cisco TelePresence Server devices running software versions 3.0 through 4.2(4.18) could allow an unauthenticated, remote attacker to cause a kernel panic on the device.

The vulnerability exists due to a failure to properly handle a specially crafted stream of IPv6 packets. A successful exploit could allow an attacker to cause a kernel panic, rebooting the device.

Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts

BEGIN PGP SIGNATURE Comment: GPGTools - http://gpgtools.org

iQIcBAEBCgAGBQJXBSERAAoJEK89gD3EAJB5644P/An6qNBuF8NJbf3YmheKoOnZ qdWYOg89Cy/lvHXTiGshZvcahV+T4pwLKVsn40hl3H1Gfp8sOr9b2KIR8MC11jas tSZ2BZUTALhUGJ7l/3DDY2pPajpRkvMlo6BTOKhewpcKxSb5KtXn0QKsQXO/0ipz a0XlrwSZAMsyWQ9/KE3TR9LoQGZ0yPEBUJFZCP5WsMosiFGQGMp7WVO7y6G0L9J/ 9LM9qZHpbi8m01wIrRigJMj7kX/6eFOdFveAUHwBcrThknd7WiaWiK0EdzvYr3bN FbrMub1GFIZp04SaW34r+qK/Rm9P1Bku/+T38nxvAESraKG9Dumj47h3krU476UQ oSxLvacQNnaNBs9kuBFckYLYV7RneQ1u+oZq0LAZaZ6+tWdmC0Y6abrsJk3dupnl k2bX/F3UH8B5h6L9PJROcofuRtmmhOWRklK/kShlheZt/Vf8Wig/yHawRC5on1Iw QvKOWY7510U2pj4OhG2YyZgX1dmJ0neDTul6hJ39uSOBUBm7LYYy8efvqRB3S1te QaodRiaQU8CdbVRDTt5N+5qFoKQ70Ii+2HHX3h+WkMl6oVEpZ32rmn5QvbZ8pS5Y Flnli00aDIVDrxXInqiMLAig4yKKxT12uMH8lX9Ta3tyXSD3PG9QwYXbue1exwwo uwizbTaFsnwb9H5vyNUG =9XH/ END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com

Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-399 Resource Management Errors

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 1
Os 1
Os 1
Os 1
Os 1

Nessus® Vulnerability Scanner

Date Description
2016-04-15 Name : The remote host is affected by a denial of service vulnerability.
File : cisco_telepresence_server_cisco-sa-20160406-cts.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
Date Informations
2016-04-16 13:27:07
  • Multiple Updates
2016-04-08 00:27:24
  • Multiple Updates
2016-04-06 21:24:30
  • First insertion