Executive Summary
Summary | |
---|---|
Title | Cisco Meeting Server Session Description Protocol Media Lines Buffer Overflow Vulnerability |
Information | |||
---|---|---|---|
Name | cisco-sa-20161102-cms1 | First vendor Publication | 2016-11-02 |
Vendor | Cisco | Last vendor Modification | 2016-11-02 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
A vulnerability in the Session Description Protocol (SDP) parser of Cisco Meeting Server could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability exists because the affected software performs incomplete input validation of the size of media lines in session descriptions. An attacker could exploit this vulnerability by sending crafted packets to the SDP parser on an affected system. A successful exploit could allow the attacker to cause a buffer overflow condition on an affected system, which could allow the attacker to execute arbitrary code on the system. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cms1 |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
Snort® IPS/IDS
Date | Description |
---|---|
2016-11-03 | Cisco Meeting Server SIP SDP media description buffer overflow attempt RuleID : 40638 - Revision : 1 - Type : PROTOCOL-VOIP |
Alert History
Date | Information |
---|---|
2016-11-05 00:25:19 |
|
2016-11-02 21:24:57 |
|