Executive Summary

Summary
Title Cisco TelePresence Endpoint Denial of Service Vulnerability
Informations
Name cisco-sa-20170607-tele First vendor Publication 2017-06-07
Vendor Cisco Last vendor Modification 2017-06-07
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Cvss Base Score 7.8 Attack Range Network
Cvss Impact Score 6.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A vulnerability in the Session Initiation Protocol (SIP) of the Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause a TelePresence endpoint to reload unexpectedly, resulting in a denial of service (DoS) condition.

The vulnerability is due to a lack of flow-control mechanisms within the software. An attacker could exploit this vulnerability by sending a flood of SIP INVITE packets to the affected device. An exploit could allow the attacker to impact the availability of services and data of the device, including a complete DoS condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-tele ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-tele"]

BEGIN PGP SIGNATURE

iQKBBAEBAgBrBQJZOCScZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHnj9A//d+idm+Llo+lnjcs +JwwyDRo22IegMlrN9dSDWVo5Gml+dwC9crecd2qJ4rwhsdLvCo1TEPUC/HfHSEfY l0yU0lL3yBZOx1cukIO4w/Y55MVGZThsm5ZXRgTW0tUcXN5OMvGZDPJaHFkIWB24 S6wMW2PPUY4Bxb3N0Ql3z8lBDyi1Z4s7agl2TROytL60JMibKNpKqLOAYKJldRUg igzkuqPD6s/v+94AyOj9c7+ZQO9dh8dERT2yqOQ4WBh3SgNtJvWbbQ/fHs0Oyrr +eycSUXZ3tL8AttRakYHiplW7sjp97H2GrDB/UCWkQJ4FNd25JZMLBDPuijHMiZo4 6JsHwLVWJkX0MD6WrFrb3jDRjYxiAKNzl9mZvYv8GqPWQ78plSJ/ORPeC6K28wPP mMqAF/XdDHFBRxdtRfudFC5g40keDbBJP68TBEE6Sr3FJe1sRyOo25D5ATUhP1Hv SXgkOr1rlerI6ddKagW3ik+OXXWX8goXGtn3zTtXWabuq+ng0qJtYaVvT9XzH/aX OQrkuYBCpSWmnd7TQpmQolknL7Vp6adVaE4gUiAeI5e0P9qlB0xIDZyExyvZ+Vyy H5naUXMP5Or6v6HhBSJ9O8xWAK+Y/hf7Yw1gOSyL2DDbBak+CKcUWgxCY28ELoBb Y2mtfB1LnDwKNAzDh+Uld5o3ts8= =oCEA END PGP SIGNATURE

_______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com

Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Application 66

Snort® IPS/IDS

Date Description
2014-01-10 INVITE flood attempt
RuleID : 20396 - Revision : 8 - Type : PROTOCOL-VOIP

Nessus® Vulnerability Scanner

Date Description
2017-06-16 Name : A video conferencing application running on the remote host is affected by a ...
File : cisco-sa-20170607-tele.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
3
Date Informations
2017-06-17 13:23:43
  • Multiple Updates
2017-06-15 21:24:42
  • Multiple Updates
2017-06-08 17:24:56
  • Multiple Updates
2017-06-07 21:22:02
  • First insertion