Cisco TelePresence VCS / Expressway Series < 8.2 Multiple DoS Vulnerabilities

high Nessus Plugin ID 78625

Synopsis

The remote device is affected by flaws that can allow a denial of service via a device reload.

Description

According to its self-reported version, returned by a standard SNMP request, the Cisco TelePresence VCS or Expressway Series device is running a version prior to 8.2. It is, therefore, potentially affected by multiple denial of service vulnerabilities:

- A flaw exists in packet processing when processing IP packets at a high rate. This can allow a remote attacker to cause a kernel crash via specially crafted packets. (CVE-2014-3368)

- A flaw in the SIP IX Channel is triggered when handling a specially crafted SDP packet. This can allow a remote attacker to cause a system reload. SIP IX Filtering must be enabled for the system to be affected. (CVE-2014-3369)

- A flaw exists in the SIP module that can allow a remote attacker to cause a system reload via a specially crafted SIP packet. (CVE-2014-3370)

Solution

Upgrade to version 8.2 or later.

See Also

http://www.nessus.org/u?99816dc7

https://tools.cisco.com/bugsearch/bug/CSCui06507

https://tools.cisco.com/bugsearch/bug/CSCuo42252

https://tools.cisco.com/bugsearch/bug/CSCum60447

https://tools.cisco.com/bugsearch/bug/CSCum60442

Plugin Details

Severity: High

ID: 78625

File Name: cisco_telepresence_vcs_sa_20141015.nasl

Version: 1.7

Type: remote

Family: CISCO

Published: 10/22/2014

Updated: 9/9/2021

Dependencies: cisco_telepresence_video_communication_server_detect.nbin

Risk Information

CVSS Score Source: CVE-2014-3368

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Temporal Vector: E:U/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vulnerability Information

CPE: cpe:/a:cisco:telepresence_video_communication_server_software, cpe:/a:cisco:telepresence_video_communication_server, cpe:/h:cisco:telepresence_video_communication_server

Required KB Items: Cisco/TelePresence_VCS/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 10/15/2014

Vulnerability Publication Date: 10/15/2014

Reference Information

CVE: CVE-2014-3368, CVE-2014-3369, CVE-2014-3370

BID: 70589, 70590, 70592