PT-2015-4781 · Cisco · Cisco Telepresence Video Communication Server+2

Publicado

2015-03-13

Atualizado

2015-09-11

CVE-2015-0652

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Cisco TelePresence Video Communication Server (VCS) versions prior to X8.2 Cisco Expressway versions prior to X8.2 Cisco TelePresence Conductor versions prior to XC2.4

Description The issue is related to the Session Description Protocol (SDP) implementation, which allows remote attackers to cause a denial of service. This can be achieved by sending a crafted media description, resulting in a mishandled exception and device reload.

Recommendations For Cisco TelePresence Video Communication Server (VCS) versions prior to X8.2, update to version X8.2 or later. For Cisco Expressway versions prior to X8.2, update to version X8.2 or later. For Cisco TelePresence Conductor versions prior to XC2.4, update to version XC2.4 or later.

Correção

DoS

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2015-0652

Produtos afetados

Cisco Expressway

Cisco Telepresence Conductor

Cisco Telepresence Video Communication Server

PT-2015-4781 · Cisco · Cisco Telepresence Video Communication Server+2

CVE-2015-0652

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4