Vulnerabilites related to cisco - telepresence_mcu_software
Vulnerability from fkie_nvd
Published
2015-07-10 00:59
Modified
2024-11-21 02:30
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence MCU 4500 devices with software 4.5(1.55) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90710.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@cisco.com | http://tools.cisco.com/security/center/viewAlert.x?alertId=39801 | Vendor Advisory | |
| psirt@cisco.com | http://www.securitytracker.com/id/1032838 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewAlert.x?alertId=39801 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1032838 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | telepresence_mcu_software | 4.5\(1.55\) |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_software:4.5\\(1.55\\):*:*:*:*:*:*:*",
"matchCriteriaId": "41EED1FE-CC53-4D73-A6DF-60278EC03040",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence MCU 4500 devices with software 4.5(1.55) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90710."
},
{
"lang": "es",
"value": "Vulnerabilidad CSRF en dispositivos Cisco TelePresence MCU 4500 con software 4.5 (1.55), permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios arbitrarios, tambi\u00e9n conocido como Bug ID CSCuu90710."
}
],
"id": "CVE-2015-4257",
"lastModified": "2024-11-21T02:30:43.220",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-07-10T00:59:04.867",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39801"
},
{
"source": "psirt@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032838"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39801"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032838"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-05-25 00:59
Modified
2024-11-21 02:23
Severity ?
Summary
The web framework in Cisco TelePresence Advanced Media Gateway Series Software before 1.1(1.40), Cisco TelePresence IP Gateway Series Software, Cisco TelePresence IP VCR Series Software before 3.0(1.27), Cisco TelePresence ISDN Gateway Software before 2.2(1.94), Cisco TelePresence MCU Software before 4.4(3.54) and 4.5 before 4.5(1.45), Cisco TelePresence MSE Supervisor Software before 2.3(1.38), Cisco TelePresence Serial Gateway Series Software before 1.0(1.42), Cisco TelePresence Server Software for Hardware before 3.1(1.98), and Cisco TelePresence Server Software for Virtual Machine before 4.1(1.79) allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors, aka Bug IDs CSCul55968, CSCur08993, CSCur15803, CSCur15807, CSCur15825, CSCur15832, CSCur15842, CSCur15850, and CSCur15855.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:telepresence_advanced_media_gateway:1.0\\(.1.13\\):*:*:*:*:*:*:*",
"matchCriteriaId": "02365039-7794-4A7C-B48F-AFEBAE929B7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_advanced_media_gateway:1.1\\(.1.14\\):*:*:*:*:*:*:*",
"matchCriteriaId": "9C6AB701-BFBA-4199-83AC-F5D39C56FEAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_advanced_media_gateway:1.1\\(1.34\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D7FE013A-292B-46D7-80BE-3B26FBD05D4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_ip_gateway:2.0.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6D7B8A87-18A3-4F9A-80CA-531F8FD34EC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_ip_gateway:2.0.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "CA75EBD3-C348-4175-AE49-C1F43168E591",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_ip_gateway:2.0.3.34:*:*:*:*:*:*:*",
"matchCriteriaId": "C5E5CB75-06D2-47DD-A435-1CD7887B4143",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_ip_vcr_1.0_converter:1.0\\(1.9\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A83850D3-C59D-4170-A5E1-4F9AFF068EE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_ip_vcr_2.4:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "03952191-EEBA-434B-B38A-D4470731F74C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_ip_vcr_3.0:1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "3A280285-5B92-4518-8432-919654B0C34B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_ip_vcr_3.0:1.24:*:*:*:*:*:*:*",
"matchCriteriaId": "6B466E73-B28C-4AE1-8830-3D7ECAFDE34B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_isdn_gw_3241:2.0\\(1.51\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E8415303-8D7D-4E37-ACD0-6E6011D2B8CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_isdn_gw_3241:2.1\\(1.22\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C9A30919-F651-4018-BE0F-71AF8C56BABD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_isdn_gw_3241:2.1\\(1.43\\):*:*:*:*:*:*:*",
"matchCriteriaId": "2CE00AF4-76FD-42E4-A0FC-6E1534282C7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_isdn_gw_3241:2.1\\(1.49\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A2A3CF3A-6068-4D5D-BCDA-77B201E28800",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_isdn_gw_3241:2.1\\(1.56\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0C9E2011-B794-485A-93C6-EFDE17C98DD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_software:4.1\\(1.51\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C7A0E502-987C-4BB3-BB30-4E46128D73EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_software:4.1\\(1.59\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B0F653E6-270B-4BFF-8F26-2CD4A3B6F60D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_software:4.2\\(1.43\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B3EFEACC-766F-4479-A69E-389D0448A44E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_software:4.2\\(1.46\\):*:*:*:*:*:*:*",
"matchCriteriaId": "BF1356C5-A6BC-4D1F-A640-0E0D568797AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_software:4.2\\(1.50\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C844842F-45CF-43DC-84DA-C52AEB40E54C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_software:4.3\\(1.68\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C3C20EAA-687B-4531-91EB-C1B835A6C0BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_software:4.3\\(2.18\\):*:*:*:*:*:*:*",
"matchCriteriaId": "970A98BD-0018-44E2-B4AA-5715B383EB29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_software:4.3\\(2.30\\):*:*:*:*:*:*:*",
"matchCriteriaId": "BB0C1257-037A-4FED-8FAC-F39169A1D0B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_software:4.3\\(2.32\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D5FC7CE6-D1BE-4E78-9727-39AED8E04306",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_software:4.4\\(3.42\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F47D2C63-FA7A-4993-A44B-7DE1F9158EE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_software:4.4\\(3.49\\):*:*:*:*:*:*:*",
"matchCriteriaId": "2C75377B-0CB7-461C-A857-1CC9BB394B1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_serial_gateway:1.0.1.23:*:*:*:*:*:*:*",
"matchCriteriaId": "75DB1C8C-C9E5-4C83-B524-3E71B1FAACF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_serial_gateway:1.0.1.34:*:*:*:*:*:*:*",
"matchCriteriaId": "63549A00-A34D-4A7E-A38C-6470EBBB0A0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_serial_gateway:1.0.1.38:*:*:*:*:*:*:*",
"matchCriteriaId": "9D964BE9-A3B7-46D6-BBC6-0DBF0F13B91A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_server_software:2.1\\(1.33\\):*:*:*:*:*:*:*",
"matchCriteriaId": "4987F125-01CF-4D17-AF4C-E1F4BB977039",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_server_software:2.1\\(1.37\\):*:*:*:*:*:*:*",
"matchCriteriaId": "EB6EAFBB-5B0A-43E0-A7A7-8B2C17033301",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_server_software:2.2\\(1.43\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B029054E-5575-40DA-B9C0-C45A0E938D8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_server_software:2.2\\(1.48\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8B4263AB-2AE2-418D-AFD1-FAA4CF46DE41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_server_software:2.2\\(1.54\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D93A770A-3B67-4F27-B695-50F0430AFB03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_server_software:2.3\\(1.55\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6C8E87AF-FAC5-419F-80DF-02EF48485990",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_server_software:2.3\\(1.57\\):*:*:*:*:*:*:*",
"matchCriteriaId": "1A5488C8-1B72-41D5-B346-1C27B529BAC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_server_software:3.0\\(2.24\\):*:*:*:*:*:*:*",
"matchCriteriaId": "CE67D1A0-522A-4FEB-A59E-27D8E8FA3196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_server_software:4.0\\(1.57\\):*:*:*:*:*:*:*",
"matchCriteriaId": "71B3BA0E-F4D1-484D-987D-F96DD3DECDB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_server_software:4.0\\(2.8\\):*:*:*:*:*:*:*",
"matchCriteriaId": "28A70BA8-B132-4EAC-A9C5-706B5BE7D837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_supervisor_mse_8050_software:2.1\\(1.18\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FEE3300B-EB67-43E2-B124-6BAFD8AE2AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_supervisor_mse_8050_software:2.2\\(1.17\\):*:*:*:*:*:*:*",
"matchCriteriaId": "1F6C244B-DFCE-4E17-B13D-2DBB7053D0C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_supervisor_mse_8050_software:2.3\\(1.32\\):*:*:*:*:*:*:*",
"matchCriteriaId": "555E1314-2954-4D81-8BFB-298CE9891106",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The web framework in Cisco TelePresence Advanced Media Gateway Series Software before 1.1(1.40), Cisco TelePresence IP Gateway Series Software, Cisco TelePresence IP VCR Series Software before 3.0(1.27), Cisco TelePresence ISDN Gateway Software before 2.2(1.94), Cisco TelePresence MCU Software before 4.4(3.54) and 4.5 before 4.5(1.45), Cisco TelePresence MSE Supervisor Software before 2.3(1.38), Cisco TelePresence Serial Gateway Series Software before 1.0(1.42), Cisco TelePresence Server Software for Hardware before 3.1(1.98), and Cisco TelePresence Server Software for Virtual Machine before 4.1(1.79) allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors, aka Bug IDs CSCul55968, CSCur08993, CSCur15803, CSCur15807, CSCur15825, CSCur15832, CSCur15842, CSCur15850, and CSCur15855."
},
{
"lang": "es",
"value": "El Framework web en Cisco TelePresence Advanced Media Gateway Series Software anterior a 1.1(1.40), Cisco TelePresence IP Gateway Series Software, Cisco TelePresence IP VCR Series Software anterior a 3.0(1.27), Cisco TelePresence ISDN Gateway Software anterior a 2.2(1.94), Cisco TelePresence MCU Software anterior a 4.4(3.54) y 4.5 anterior a 4.5(1.45), Cisco TelePresence MSE Supervisor Software anterior a 2.3(1.38), Cisco TelePresence Serial Gateway Series Software anterior a 1.0(1.42), Cisco TelePresence Server Software for Hardware anterior a 3.1(1.98), y Cisco TelePresence Server Software for Virtual Machine anterior a 4.1(1.79) permite a usuarios remotos autenticados ejecutar comandos arbitrarios con privilegios root a trav\u00e9s de vectores no especificados, tambi\u00e9n conocido como Bug IDs CSCul55968, CSCur08993, CSCur15803, CSCur15807, CSCur15825, CSCur15832, CSCur15842, CSCur15850, y CSCur15855."
}
],
"id": "CVE-2015-0713",
"lastModified": "2024-11-21T02:23:35.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-05-25T00:59:01.357",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150513-tp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150513-tp"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-10-19 01:55
Modified
2024-11-21 02:08
Severity ?
Summary
The network stack in Cisco TelePresence MCU Software before 4.3(2.30) allows remote attackers to cause a denial of service (memory consumption) via crafted TCP packets, aka Bug ID CSCtz35468.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | telepresence_mcu_software | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66492D0A-BF5F-4A63-8A58-21ECDAB8DD71",
"versionEndIncluding": "4.3\\(2.18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The network stack in Cisco TelePresence MCU Software before 4.3(2.30) allows remote attackers to cause a denial of service (memory consumption) via crafted TCP packets, aka Bug ID CSCtz35468."
},
{
"lang": "es",
"value": "La pila de red en Cisco TelePresence MCU Software anterior a 4.3(2.30) permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de memoria) a trav\u00e9s de paquetes TCP manipulados, tambi\u00e9n conocido como Bug ID CSCtz35468."
}
],
"id": "CVE-2014-3397",
"lastModified": "2024-11-21T02:08:00.623",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-10-19T01:55:13.637",
"references": [
{
"source": "psirt@cisco.com",
"url": "http://secunia.com/advisories/60855"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-mcu"
},
{
"source": "psirt@cisco.com",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36016"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securitytracker.com/id/1031054"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/60855"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-mcu"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36016"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1031054"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-02-01 19:59
Modified
2024-11-21 03:26
Severity ?
Summary
A vulnerability in a proprietary device driver in the kernel of Cisco TelePresence Multipoint Control Unit (MCU) Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. The vulnerability is due to improper size validation when reassembling fragmented IPv4 or IPv6 packets. An attacker could exploit this vulnerability by sending crafted IPv4 or IPv6 fragments to a port receiving content in Passthrough content mode. An exploit could allow the attacker to overflow a buffer. If successful, the attacker could execute arbitrary code or cause a DoS condition on the affected system. Cisco TelePresence MCU platforms TelePresence MCU 5300 Series, TelePresence MCU MSE 8510 and TelePresence MCU 4500 are affected when running software version 4.3(1.68) or later configured for Passthrough content mode. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available, but mitigations are available. Cisco Bug IDs: CSCuu67675.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | telepresence_mcu_software | 4.3_\(1.68\) | |
| cisco | telepresence_mcu_software | 4.3_\(2.18\) | |
| cisco | telepresence_mcu_software | 4.3_\(2.30\) | |
| cisco | telepresence_mcu_software | 4.3_\(2.32\) | |
| cisco | telepresence_mcu_software | 4.4_\(3.42\) | |
| cisco | telepresence_mcu_software | 4.4_\(3.49\) | |
| cisco | telepresence_mcu_software | 4.4_\(3.54\) | |
| cisco | telepresence_mcu_software | 4.4_\(3.57\) | |
| cisco | telepresence_mcu_software | 4.4_\(3.67\) | |
| cisco | telepresence_mcu_software | 4.5_\(1.45\) | |
| cisco | telepresence_mcu_software | 4.5_\(1.55\) | |
| cisco | telepresence_mcu_software | 4.5_\(1.71\) | |
| cisco | telepresence_mcu_software | 4.5_\(1.72\) | |
| cisco | telepresence_mcu_software | 4.5_\(1.85\) | |
| cisco | telepresence_mcu_4505 | - | |
| cisco | telepresence_mcu_4510 | - | |
| cisco | telepresence_mcu_4515 | - | |
| cisco | telepresence_mcu_4520 | - | |
| cisco | telepresence_mcu_5310 | - | |
| cisco | telepresence_mcu_5320 | - | |
| cisco | telepresence_mcu_mse_8510 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_software:4.3_\\(1.68\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0D5DEB9D-D154-43EF-87CB-3BEB0B06936A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_software:4.3_\\(2.18\\):*:*:*:*:*:*:*",
"matchCriteriaId": "920D4FF4-0E1A-446A-B6AF-0A3CE1D3A236",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_software:4.3_\\(2.30\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8A6DE420-0DBA-4C14-B8C2-8C2CBEBE94E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_software:4.3_\\(2.32\\):*:*:*:*:*:*:*",
"matchCriteriaId": "EAB21E91-9369-487F-B22F-3B26B560310E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_software:4.4_\\(3.42\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C205C88E-C048-4842-97D7-47CACC6DB595",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_software:4.4_\\(3.49\\):*:*:*:*:*:*:*",
"matchCriteriaId": "635AA5E5-1319-4E8D-B6FE-7BC0B53F2770",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_software:4.4_\\(3.54\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E1C0AAE1-32B3-440B-962A-EB938B630E6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_software:4.4_\\(3.57\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6C03917E-4EF8-47EF-B574-E4C6BD27F37A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_software:4.4_\\(3.67\\):*:*:*:*:*:*:*",
"matchCriteriaId": "459622B5-5275-432B-A4B7-36DDF2C04958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_software:4.5_\\(1.45\\):*:*:*:*:*:*:*",
"matchCriteriaId": "55D7930B-46C4-4CF9-97E5-A9B6DE2B9010",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_software:4.5_\\(1.55\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6FC5F5D4-EAA9-45B9-805A-C54D6CE1771F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_software:4.5_\\(1.71\\):*:*:*:*:*:*:*",
"matchCriteriaId": "536CCE45-8927-4E41-97B4-BB23283CB4C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_software:4.5_\\(1.72\\):*:*:*:*:*:*:*",
"matchCriteriaId": "7CB34EE6-77D4-4CF8-AAC1-1D2AD436176E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_mcu_software:4.5_\\(1.85\\):*:*:*:*:*:*:*",
"matchCriteriaId": "671D9004-A722-4BED-8C37-0E04A409C7CB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:telepresence_mcu_4505:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5574D81E-25A1-477A-978C-109D667771A8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:telepresence_mcu_4510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "96560014-147A-4AE1-A215-E2F04B3AD7C6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:telepresence_mcu_4515:-:*:*:*:*:*:*:*",
"matchCriteriaId": "72129DF6-D50B-46D8-84EA-95E65D86FF62",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:telepresence_mcu_4520:-:*:*:*:*:*:*:*",
"matchCriteriaId": "11C64580-60FB-40CB-968A-1737E59A1E6F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:telepresence_mcu_5310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D14ACCD9-5840-4459-91B8-E8D8BABB6DF4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:telepresence_mcu_5320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3DEB99C0-5510-48C5-BFA4-DEAB511714DB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:telepresence_mcu_mse_8510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "738ED7C7-98D6-4BD5-9115-48405F350CC9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in a proprietary device driver in the kernel of Cisco TelePresence Multipoint Control Unit (MCU) Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. The vulnerability is due to improper size validation when reassembling fragmented IPv4 or IPv6 packets. An attacker could exploit this vulnerability by sending crafted IPv4 or IPv6 fragments to a port receiving content in Passthrough content mode. An exploit could allow the attacker to overflow a buffer. If successful, the attacker could execute arbitrary code or cause a DoS condition on the affected system. Cisco TelePresence MCU platforms TelePresence MCU 5300 Series, TelePresence MCU MSE 8510 and TelePresence MCU 4500 are affected when running software version 4.3(1.68) or later configured for Passthrough content mode. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available, but mitigations are available. Cisco Bug IDs: CSCuu67675."
},
{
"lang": "es",
"value": "Una vulnerabilidad en un controlador de dispositivo propietario en el kernel del Software Cisco TelePresence Multipoint Control Unit (MCU) podr\u00edan permitir a un atacante remoto no autenticado ejecutar c\u00f3digo arbitrario o provocar una condici\u00f3n de denegaci\u00f3n de servicio (DoS). La vulnerabilidad se debe a una validaci\u00f3n de tama\u00f1o incorrecta al reensamblar paquetes IPv4 o IPv6 fragmentados. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de fragmentos IPv4 o IPv6 a un puerto que reciba contenido en modo de contenido Passthrough. Un exploit podr\u00eda permitir al atacante desbordar un b\u00fafer. Si tiene \u00e9xito, el atacante podr\u00eda ejecutar c\u00f3digo arbitrario o provocar una condici\u00f3n DoS en el sistema afectado. Las plataformas Cisco TelePresence MCU TelePresence MCU 5300 Series, TelePresence MCU MSE 8510 y TelePresence MCU 4500 se ven afectadas cuando se ejecuta la versi\u00f3n de software 4.3 (1.68) o una configuraci\u00f3n posterior para el modo de contenido Passthrough. Cisco ha lanzado actualizaciones de software que abordan esta vulnerabilidad. Las soluciones provisionales que abordan esta vulnerabilidad no est\u00e1n disponibles, pero hay mitigaciones disponibles. ID de errores de Cisco: CSCuu67675."
}
],
"id": "CVE-2017-3792",
"lastModified": "2024-11-21T03:26:07.423",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-01T19:59:00.267",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95787"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securitytracker.com/id/1037698"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170125-telepresence"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95787"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1037698"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170125-telepresence"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2015-0713
Vulnerability from cvelistv5
Published
2015-05-25 00:00
Modified
2024-08-06 04:17
Severity ?
EPSS score ?
Summary
The web framework in Cisco TelePresence Advanced Media Gateway Series Software before 1.1(1.40), Cisco TelePresence IP Gateway Series Software, Cisco TelePresence IP VCR Series Software before 3.0(1.27), Cisco TelePresence ISDN Gateway Software before 2.2(1.94), Cisco TelePresence MCU Software before 4.4(3.54) and 4.5 before 4.5(1.45), Cisco TelePresence MSE Supervisor Software before 2.3(1.38), Cisco TelePresence Serial Gateway Series Software before 1.0(1.42), Cisco TelePresence Server Software for Hardware before 3.1(1.98), and Cisco TelePresence Server Software for Virtual Machine before 4.1(1.79) allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors, aka Bug IDs CSCul55968, CSCur08993, CSCur15803, CSCur15807, CSCur15825, CSCur15832, CSCur15842, CSCur15850, and CSCur15855.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150513-tp | vendor-advisory, x_refsource_CISCO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:17:32.727Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20150513 Command Injection Vulnerability in Multiple Cisco TelePresence Products",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150513-tp"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-05-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The web framework in Cisco TelePresence Advanced Media Gateway Series Software before 1.1(1.40), Cisco TelePresence IP Gateway Series Software, Cisco TelePresence IP VCR Series Software before 3.0(1.27), Cisco TelePresence ISDN Gateway Software before 2.2(1.94), Cisco TelePresence MCU Software before 4.4(3.54) and 4.5 before 4.5(1.45), Cisco TelePresence MSE Supervisor Software before 2.3(1.38), Cisco TelePresence Serial Gateway Series Software before 1.0(1.42), Cisco TelePresence Server Software for Hardware before 3.1(1.98), and Cisco TelePresence Server Software for Virtual Machine before 4.1(1.79) allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors, aka Bug IDs CSCul55968, CSCur08993, CSCur15803, CSCur15807, CSCur15825, CSCur15832, CSCur15842, CSCur15850, and CSCur15855."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-25T00:57:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20150513 Command Injection Vulnerability in Multiple Cisco TelePresence Products",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150513-tp"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-0713",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web framework in Cisco TelePresence Advanced Media Gateway Series Software before 1.1(1.40), Cisco TelePresence IP Gateway Series Software, Cisco TelePresence IP VCR Series Software before 3.0(1.27), Cisco TelePresence ISDN Gateway Software before 2.2(1.94), Cisco TelePresence MCU Software before 4.4(3.54) and 4.5 before 4.5(1.45), Cisco TelePresence MSE Supervisor Software before 2.3(1.38), Cisco TelePresence Serial Gateway Series Software before 1.0(1.42), Cisco TelePresence Server Software for Hardware before 3.1(1.98), and Cisco TelePresence Server Software for Virtual Machine before 4.1(1.79) allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors, aka Bug IDs CSCul55968, CSCur08993, CSCur15803, CSCur15807, CSCur15825, CSCur15832, CSCur15842, CSCur15850, and CSCur15855."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150513 Command Injection Vulnerability in Multiple Cisco TelePresence Products",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150513-tp"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2015-0713",
"datePublished": "2015-05-25T00:00:00",
"dateReserved": "2015-01-07T00:00:00",
"dateUpdated": "2024-08-06T04:17:32.727Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-3792
Vulnerability from cvelistv5
Published
2017-02-01 19:00
Modified
2024-08-05 14:39
Severity ?
EPSS score ?
Summary
A vulnerability in a proprietary device driver in the kernel of Cisco TelePresence Multipoint Control Unit (MCU) Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. The vulnerability is due to improper size validation when reassembling fragmented IPv4 or IPv6 packets. An attacker could exploit this vulnerability by sending crafted IPv4 or IPv6 fragments to a port receiving content in Passthrough content mode. An exploit could allow the attacker to overflow a buffer. If successful, the attacker could execute arbitrary code or cause a DoS condition on the affected system. Cisco TelePresence MCU platforms TelePresence MCU 5300 Series, TelePresence MCU MSE 8510 and TelePresence MCU 4500 are affected when running software version 4.3(1.68) or later configured for Passthrough content mode. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available, but mitigations are available. Cisco Bug IDs: CSCuu67675.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170125-telepresence | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/95787 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1037698 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Cisco TelePresence Multipoint Control Unit (MCU) software version 4.3(1.68) or later configured for Passthrough content mode |
Version: Cisco TelePresence Multipoint Control Unit (MCU) software version 4.3(1.68) or later configured for Passthrough content mode |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:39:40.690Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170125-telepresence"
},
{
"name": "95787",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95787"
},
{
"name": "1037698",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037698"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco TelePresence Multipoint Control Unit (MCU) software version 4.3(1.68) or later configured for Passthrough content mode",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Cisco TelePresence Multipoint Control Unit (MCU) software version 4.3(1.68) or later configured for Passthrough content mode"
}
]
}
],
"datePublic": "2017-02-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in a proprietary device driver in the kernel of Cisco TelePresence Multipoint Control Unit (MCU) Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. The vulnerability is due to improper size validation when reassembling fragmented IPv4 or IPv6 packets. An attacker could exploit this vulnerability by sending crafted IPv4 or IPv6 fragments to a port receiving content in Passthrough content mode. An exploit could allow the attacker to overflow a buffer. If successful, the attacker could execute arbitrary code or cause a DoS condition on the affected system. Cisco TelePresence MCU platforms TelePresence MCU 5300 Series, TelePresence MCU MSE 8510 and TelePresence MCU 4500 are affected when running software version 4.3(1.68) or later configured for Passthrough content mode. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available, but mitigations are available. Cisco Bug IDs: CSCuu67675."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-25T09:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170125-telepresence"
},
{
"name": "95787",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95787"
},
{
"name": "1037698",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037698"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2017-3792",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco TelePresence Multipoint Control Unit (MCU) software version 4.3(1.68) or later configured for Passthrough content mode",
"version": {
"version_data": [
{
"version_value": "Cisco TelePresence Multipoint Control Unit (MCU) software version 4.3(1.68) or later configured for Passthrough content mode"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in a proprietary device driver in the kernel of Cisco TelePresence Multipoint Control Unit (MCU) Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. The vulnerability is due to improper size validation when reassembling fragmented IPv4 or IPv6 packets. An attacker could exploit this vulnerability by sending crafted IPv4 or IPv6 fragments to a port receiving content in Passthrough content mode. An exploit could allow the attacker to overflow a buffer. If successful, the attacker could execute arbitrary code or cause a DoS condition on the affected system. Cisco TelePresence MCU platforms TelePresence MCU 5300 Series, TelePresence MCU MSE 8510 and TelePresence MCU 4500 are affected when running software version 4.3(1.68) or later configured for Passthrough content mode. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available, but mitigations are available. Cisco Bug IDs: CSCuu67675."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170125-telepresence",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170125-telepresence"
},
{
"name": "95787",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95787"
},
{
"name": "1037698",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037698"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2017-3792",
"datePublished": "2017-02-01T19:00:00",
"dateReserved": "2016-12-21T00:00:00",
"dateUpdated": "2024-08-05T14:39:40.690Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-4257
Vulnerability from cvelistv5
Published
2015-07-10 00:00
Modified
2024-08-06 06:11
Severity ?
EPSS score ?
Summary
Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence MCU 4500 devices with software 4.5(1.55) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90710.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tools.cisco.com/security/center/viewAlert.x?alertId=39801 | vendor-advisory, x_refsource_CISCO | |
| http://www.securitytracker.com/id/1032838 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:11:11.791Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20150709 Cisco TelePresence MCU 4500 Cross-Site Request Forgery Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39801"
},
{
"name": "1032838",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032838"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence MCU 4500 devices with software 4.5(1.55) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90710."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-23T18:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20150709 Cisco TelePresence MCU 4500 Cross-Site Request Forgery Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39801"
},
{
"name": "1032838",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032838"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-4257",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence MCU 4500 devices with software 4.5(1.55) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90710."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150709 Cisco TelePresence MCU 4500 Cross-Site Request Forgery Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39801"
},
{
"name": "1032838",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032838"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2015-4257",
"datePublished": "2015-07-10T00:00:00",
"dateReserved": "2015-06-04T00:00:00",
"dateUpdated": "2024-08-06T06:11:11.791Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-3397
Vulnerability from cvelistv5
Published
2014-10-19 01:00
Modified
2024-08-06 10:43
Severity ?
EPSS score ?
Summary
The network stack in Cisco TelePresence MCU Software before 4.3(2.30) allows remote attackers to cause a denial of service (memory consumption) via crafted TCP packets, aka Bug ID CSCtz35468.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/60855 | third-party-advisory, x_refsource_SECUNIA | |
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-mcu | vendor-advisory, x_refsource_CISCO | |
| http://tools.cisco.com/security/center/viewAlert.x?alertId=36016 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1031054 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:43:05.467Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "60855",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60855"
},
{
"name": "20141015 Cisco TelePresence MCU Software Memory Exhaustion Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-mcu"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36016"
},
{
"name": "1031054",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031054"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The network stack in Cisco TelePresence MCU Software before 4.3(2.30) allows remote attackers to cause a denial of service (memory consumption) via crafted TCP packets, aka Bug ID CSCtz35468."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-07T18:57:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "60855",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60855"
},
{
"name": "20141015 Cisco TelePresence MCU Software Memory Exhaustion Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-mcu"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36016"
},
{
"name": "1031054",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031054"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-3397",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The network stack in Cisco TelePresence MCU Software before 4.3(2.30) allows remote attackers to cause a denial of service (memory consumption) via crafted TCP packets, aka Bug ID CSCtz35468."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "60855",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60855"
},
{
"name": "20141015 Cisco TelePresence MCU Software Memory Exhaustion Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-mcu"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36016",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36016"
},
{
"name": "1031054",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031054"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2014-3397",
"datePublished": "2014-10-19T01:00:00",
"dateReserved": "2014-05-07T00:00:00",
"dateUpdated": "2024-08-06T10:43:05.467Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}