Executive Summary
Summary | |
---|---|
Title | Cisco TelePresence Endpoint Denial of Service Vulnerability |
Informations | |||
---|---|---|---|
Name | cisco-sa-20170607-tele | First vendor Publication | 2017-06-07 |
Vendor | Cisco | Last vendor Modification | 2017-06-07 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.8 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A vulnerability in the Session Initiation Protocol (SIP) of the Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause a TelePresence endpoint to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of flow-control mechanisms within the software. An attacker could exploit this vulnerability by sending a flood of SIP INVITE packets to the affected device. An exploit could allow the attacker to impact the availability of services and data of the device, including a complete DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-tele ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-tele"] BEGIN PGP SIGNATURE iQKBBAEBAgBrBQJZOCScZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHnj9A//d+idm+Llo+lnjcs +JwwyDRo22IegMlrN9dSDWVo5Gml+dwC9crecd2qJ4rwhsdLvCo1TEPUC/HfHSEfY l0yU0lL3yBZOx1cukIO4w/Y55MVGZThsm5ZXRgTW0tUcXN5OMvGZDPJaHFkIWB24 S6wMW2PPUY4Bxb3N0Ql3z8lBDyi1Z4s7agl2TROytL60JMibKNpKqLOAYKJldRUg igzkuqPD6s/v+94AyOj9c7+ZQO9dh8dERT2yqOQ4WBh3SgNtJvWbbQ/fHs0Oyrr +eycSUXZ3tL8AttRakYHiplW7sjp97H2GrDB/UCWkQJ4FNd25JZMLBDPuijHMiZo4 6JsHwLVWJkX0MD6WrFrb3jDRjYxiAKNzl9mZvYv8GqPWQ78plSJ/ORPeC6K28wPP mMqAF/XdDHFBRxdtRfudFC5g40keDbBJP68TBEE6Sr3FJe1sRyOo25D5ATUhP1Hv SXgkOr1rlerI6ddKagW3ik+OXXWX8goXGtn3zTtXWabuq+ng0qJtYaVvT9XzH/aX OQrkuYBCpSWmnd7TQpmQolknL7Vp6adVaE4gUiAeI5e0P9qlB0xIDZyExyvZ+Vyy H5naUXMP5Or6v6HhBSJ9O8xWAK+Y/hf7Yw1gOSyL2DDbBak+CKcUWgxCY28ELoBb Y2mtfB1LnDwKNAzDh+Uld5o3ts8= =oCEA END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CPE : Common Platform Enumeration
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | INVITE flood attempt RuleID : 20396 - Revision : 8 - Type : PROTOCOL-VOIP |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2017-06-16 | Name : A video conferencing application running on the remote host is affected by a ... File : cisco-sa-20170607-tele.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2017-06-17 13:23:43 |
|
2017-06-15 21:24:42 |
|
2017-06-08 17:24:56 |
|
2017-06-07 21:22:02 |
|