Detections
Analytics
NewStart CGSL CORE 5.04 / MAIN 5.04 : libsrtp Multiple Vulnerabilities (NS-SA-2021-0032)
high Nessus Plugin ID 147369
Language:
Synopsis
The remote machine is affected by multiple vulnerabilities.Description
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has libsrtp packages installed that are affected by multiple vulnerabilities:- The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686. (CVE-2015-6360)
- Buffer overflow in srtp.c in libsrtp in srtp 1.4.5 and earlier allows remote attackers to cause a denial of service (crash) via vectors related to a length inconsistency in the crypto_policy_set_from_profile_for_rtp and srtp_protect functions. (CVE-2013-2139)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade the vulnerable CGSL libsrtp packages. Note that updated packages may not be available yet. Please contact ZTE for more information.See Also
Plugin Details
Severity: High
ID: 147369
File Name: newstart_cgsl_NS-SA-2021-0032_libsrtp.nasl
Version: 1.3
Type: local
Published: 3/10/2021
Updated: 3/11/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.6
CVSS v2
Risk Factor: High
Base Score: 7.8
Temporal Score: 5.8
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS Score Source: CVE-2015-6360
CVSS v3
Risk Factor: High
Base Score: 7.5
Temporal Score: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/ZTE-CGSL/release, Host/ZTE-CGSL/rpm-list
Exploit Ease: No known exploits are available
Patch Publication Date: 3/9/2021
Vulnerability Publication Date: 6/4/2013
Reference Information
CVE: CVE-2013-2139, CVE-2015-6360