cvelistv5 - CVE-2015-6284

CVE-2015-6284 (GCVE-0-2015-6284)

Vulnerability from cvelistv5 – Published: 2015-09-20 14:00 – Updated: 2024-08-06 07:15

Summary

Severity ?

No CVSS data available.

CWE

Assigner

cisco

References

URL

Tags

	http://www.securitytracker.com/id/1033580	vdb-entryx_refsource_SECTRACK
	http://tools.cisco.com/security/center/content/Ci…	vendor-advisoryx_refsource_CISCO

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:15:13.297Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1033580",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033580"
          },
          {
            "name": "20150916 Cisco TelePresence Server Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-tps"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-09-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in the Conference Control Protocol API implementation in Cisco TelePresence Server software before 4.1(2.33) on 7010, MSE 8710, Multiparty Media 310 and 320, and Virtual Machine devices allows remote attackers to cause a denial of service (device crash) via a crafted URL, aka Bug ID CSCuu28277."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-20T16:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1033580",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1033580"
        },
        {
          "name": "20150916 Cisco TelePresence Server Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-tps"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2015-6284",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in the Conference Control Protocol API implementation in Cisco TelePresence Server software before 4.1(2.33) on 7010, MSE 8710, Multiparty Media 310 and 320, and Virtual Machine devices allows remote attackers to cause a denial of service (device crash) via a crafted URL, aka Bug ID CSCuu28277."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1033580",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1033580"
            },
            {
              "name": "20150916 Cisco TelePresence Server Denial of Service Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-tps"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2015-6284",
    "datePublished": "2015-09-20T14:00:00",
    "dateReserved": "2015-08-17T00:00:00",
    "dateUpdated": "2024-08-06T07:15:13.297Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_server_software:2.3\\\\(1.55\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6C8E87AF-FAC5-419F-80DF-02EF48485990\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_server_software:2.3\\\\(1.57\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1A5488C8-1B72-41D5-B346-1C27B529BAC8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_server_software:3.0\\\\(2.24\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CE67D1A0-522A-4FEB-A59E-27D8E8FA3196\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_server_software:3.0\\\\(2.46\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A4A68418-34B5-4ACE-8F5C-B0609E8A76B9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_server_software:3.0\\\\(2.48\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C34CF67C-94F7-4252-99CA-468AC3E6F735\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_server_software:3.0\\\\(2.49\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"288C4183-2BB1-4BEE-B99D-419D6948087E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_server_software:3.1\\\\(1.80\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EBDD6C7C-F04F-4637-A582-A2A3C7FDB124\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_server_software:3.1\\\\(1.82\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D520D173-93B8-4991-A632-C8EBE880F4EB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_server_software:3.1\\\\(1.95\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"04C63DDA-0E39-4F7D-86ED-50166D13A575\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_server_software:3.1\\\\(1.96\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"928F0A7E-A758-4030-802B-66761FF7EA1B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_server_software:3.1\\\\(1.97\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"53B053D6-71BF-46D7-97A7-54946FFA690A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_server_software:3.1\\\\(1.98\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8D515279-816E-43A1-8A8F-364F5DE5B919\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_server_software:4.0\\\\(1.57\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"71B3BA0E-F4D1-484D-987D-F96DD3DECDB9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_server_software:4.0\\\\(2.8\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"28A70BA8-B132-4EAC-A9C5-706B5BE7D837\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_server_software:4.1\\\\(1.79\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"409C5B7B-4A9B-40CE-97CA-4899FB075CC5\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:telepresence_server_7010:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"983E3CC5-7B3A-467A-A482-0D19792CB55E\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:telepresence_server_mse_8710:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"411829A8-56C6-4851-8063-97F03C7B66B2\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:telepresence_server_on_multiparty_media_310:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"51463F95-8A40-47CC-A0FD-B8F0ED16C39F\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:telepresence_server_on_multiparty_media_320:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7792A73D-C38F-44E6-A660-6CDB0955EC69\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:telepresence_server_on_virtual_machine:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"18C16ABE-9BA2-4852-9B12-70BA6A1D50C2\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Buffer overflow in the Conference Control Protocol API implementation in Cisco TelePresence Server software before 4.1(2.33) on 7010, MSE 8710, Multiparty Media 310 and 320, and Virtual Machine devices allows remote attackers to cause a denial of service (device crash) via a crafted URL, aka Bug ID CSCuu28277.\"}, {\"lang\": \"es\", \"value\": \"Desbordamiento de buffer en la implementaci\\u00f3n de la API del Conference Control Protocol en el software de Cisco TelePresence Server en versiones anteriores a 4.1(2.33) en 7010, MSE 8710, Multiparty Media 310 y 320 y dispositivos Virtual Machine, permite a atacantes remotos provocar una denegaci\\u00f3n de servicio (ca\\u00edda del dispositivo) a trav\\u00e9s de una URL manipulada, tambi\\u00e9n conocida como Bug ID CSCuu28277.\"}]",
      "id": "CVE-2015-6284",
      "lastModified": "2024-11-21T02:34:42.013",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:C\", \"baseScore\": 7.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2015-09-20T14:59:02.367",
      "references": "[{\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-tps\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id/1033580\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-tps\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id/1033580\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-6284\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2015-09-20T14:59:02.367\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Buffer overflow in the Conference Control Protocol API implementation in Cisco TelePresence Server software before 4.1(2.33) on 7010, MSE 8710, Multiparty Media 310 and 320, and Virtual Machine devices allows remote attackers to cause a denial of service (device crash) via a crafted URL, aka Bug ID CSCuu28277.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de buffer en la implementaci\u00f3n de la API del Conference Control Protocol en el software de Cisco TelePresence Server en versiones anteriores a 4.1(2.33) en 7010, MSE 8710, Multiparty Media 310 y 320 y dispositivos Virtual Machine, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del dispositivo) a trav\u00e9s de una URL manipulada, tambi\u00e9n conocida como Bug ID CSCuu28277.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:C\",\"baseScore\":7.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_server_software:2.3\\\\(1.55\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C8E87AF-FAC5-419F-80DF-02EF48485990\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_server_software:2.3\\\\(1.57\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A5488C8-1B72-41D5-B346-1C27B529BAC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_server_software:3.0\\\\(2.24\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE67D1A0-522A-4FEB-A59E-27D8E8FA3196\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_server_software:3.0\\\\(2.46\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4A68418-34B5-4ACE-8F5C-B0609E8A76B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_server_software:3.0\\\\(2.48\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C34CF67C-94F7-4252-99CA-468AC3E6F735\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_server_software:3.0\\\\(2.49\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"288C4183-2BB1-4BEE-B99D-419D6948087E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_server_software:3.1\\\\(1.80\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EBDD6C7C-F04F-4637-A582-A2A3C7FDB124\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_server_software:3.1\\\\(1.82\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D520D173-93B8-4991-A632-C8EBE880F4EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_server_software:3.1\\\\(1.95\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"04C63DDA-0E39-4F7D-86ED-50166D13A575\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_server_software:3.1\\\\(1.96\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"928F0A7E-A758-4030-802B-66761FF7EA1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_server_software:3.1\\\\(1.97\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"53B053D6-71BF-46D7-97A7-54946FFA690A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_server_software:3.1\\\\(1.98\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D515279-816E-43A1-8A8F-364F5DE5B919\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_server_software:4.0\\\\(1.57\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"71B3BA0E-F4D1-484D-987D-F96DD3DECDB9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_server_software:4.0\\\\(2.8\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"28A70BA8-B132-4EAC-A9C5-706B5BE7D837\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_server_software:4.1\\\\(1.79\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"409C5B7B-4A9B-40CE-97CA-4899FB075CC5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:telepresence_server_7010:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"983E3CC5-7B3A-467A-A482-0D19792CB55E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:telepresence_server_mse_8710:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"411829A8-56C6-4851-8063-97F03C7B66B2\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:telepresence_server_on_multiparty_media_310:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51463F95-8A40-47CC-A0FD-B8F0ED16C39F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:telepresence_server_on_multiparty_media_320:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7792A73D-C38F-44E6-A660-6CDB0955EC69\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:telepresence_server_on_virtual_machine:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"18C16ABE-9BA2-4852-9B12-70BA6A1D50C2\"}]}]}],\"references\":[{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-tps\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1033580\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-tps\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1033580\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

CERTFR-2015-AVI-397

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été corrigée dans Cisco TelePresence Server. Elle permet à un attaquant de provoquer un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Cisco TelePresence Server version antérieure à 4.1(2.33)

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-20150916-tps du 16 septembre 2015	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20150916-tps du 16 septembre 2015	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eCisco TelePresence Server version ant\u00e9rieure \u00e0 4.1(2.33)\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-6284",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6284"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20150916-tps du 16    septembre 2015",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-tps"
    }
  ],
  "reference": "CERTFR-2015-AVI-397",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-09-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eCisco\nTelePresence Server\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer un\nd\u00e9ni de service \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Cisco TelePresence Server",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20150916-tps du 16 septembre 2015",
      "url": null
    }
  ]
}

CERTFR-2015-AVI-397

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été corrigée dans Cisco TelePresence Server. Elle permet à un attaquant de provoquer un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Cisco TelePresence Server version antérieure à 4.1(2.33)

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-20150916-tps du 16 septembre 2015	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20150916-tps du 16 septembre 2015	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eCisco TelePresence Server version ant\u00e9rieure \u00e0 4.1(2.33)\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-6284",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6284"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20150916-tps du 16    septembre 2015",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-tps"
    }
  ],
  "reference": "CERTFR-2015-AVI-397",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-09-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eCisco\nTelePresence Server\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer un\nd\u00e9ni de service \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Cisco TelePresence Server",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20150916-tps du 16 septembre 2015",
      "url": null
    }
  ]
}

GHSA-JCF7-3F5G-P5QV

Vulnerability from github – Published: 2022-05-17 03:13 – Updated: 2022-05-17 03:13

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-6284"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-09-20T14:59:00Z",
    "severity": "HIGH"
  },
  "details": "Buffer overflow in the Conference Control Protocol API implementation in Cisco TelePresence Server software before 4.1(2.33) on 7010, MSE 8710, Multiparty Media 310 and 320, and Virtual Machine devices allows remote attackers to cause a denial of service (device crash) via a crafted URL, aka Bug ID CSCuu28277.",
  "id": "GHSA-jcf7-3f5g-p5qv",
  "modified": "2022-05-17T03:13:41Z",
  "published": "2022-05-17T03:13:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-6284"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-tps"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1033580"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2015-6284

Vulnerability from fkie_nvd - Published: 2015-09-20 14:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
psirt@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-tps	Vendor Advisory
psirt@cisco.com	http://www.securitytracker.com/id/1033580	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-tps	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1033580	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
cisco	telepresence_server_software	2.3\(1.55\)
cisco	telepresence_server_software	2.3\(1.57\)
cisco	telepresence_server_software	3.0\(2.24\)
cisco	telepresence_server_software	3.0\(2.46\)
cisco	telepresence_server_software	3.0\(2.48\)
cisco	telepresence_server_software	3.0\(2.49\)
cisco	telepresence_server_software	3.1\(1.80\)
cisco	telepresence_server_software	3.1\(1.82\)
cisco	telepresence_server_software	3.1\(1.95\)
cisco	telepresence_server_software	3.1\(1.96\)
cisco	telepresence_server_software	3.1\(1.97\)
cisco	telepresence_server_software	3.1\(1.98\)
cisco	telepresence_server_software	4.0\(1.57\)
cisco	telepresence_server_software	4.0\(2.8\)
cisco	telepresence_server_software	4.1\(1.79\)
cisco	telepresence_server_7010	-
cisco	telepresence_server_mse_8710	-
cisco	telepresence_server_on_multiparty_media_310	-
cisco	telepresence_server_on_multiparty_media_320	-
cisco	telepresence_server_on_virtual_machine	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_server_software:2.3\\(1.55\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "6C8E87AF-FAC5-419F-80DF-02EF48485990",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_server_software:2.3\\(1.57\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "1A5488C8-1B72-41D5-B346-1C27B529BAC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_server_software:3.0\\(2.24\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "CE67D1A0-522A-4FEB-A59E-27D8E8FA3196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_server_software:3.0\\(2.46\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "A4A68418-34B5-4ACE-8F5C-B0609E8A76B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_server_software:3.0\\(2.48\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "C34CF67C-94F7-4252-99CA-468AC3E6F735",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_server_software:3.0\\(2.49\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "288C4183-2BB1-4BEE-B99D-419D6948087E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_server_software:3.1\\(1.80\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "EBDD6C7C-F04F-4637-A582-A2A3C7FDB124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_server_software:3.1\\(1.82\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "D520D173-93B8-4991-A632-C8EBE880F4EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_server_software:3.1\\(1.95\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "04C63DDA-0E39-4F7D-86ED-50166D13A575",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_server_software:3.1\\(1.96\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "928F0A7E-A758-4030-802B-66761FF7EA1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_server_software:3.1\\(1.97\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "53B053D6-71BF-46D7-97A7-54946FFA690A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_server_software:3.1\\(1.98\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "8D515279-816E-43A1-8A8F-364F5DE5B919",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_server_software:4.0\\(1.57\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "71B3BA0E-F4D1-484D-987D-F96DD3DECDB9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_server_software:4.0\\(2.8\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "28A70BA8-B132-4EAC-A9C5-706B5BE7D837",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_server_software:4.1\\(1.79\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "409C5B7B-4A9B-40CE-97CA-4899FB075CC5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:telepresence_server_7010:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "983E3CC5-7B3A-467A-A482-0D19792CB55E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:telepresence_server_mse_8710:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "411829A8-56C6-4851-8063-97F03C7B66B2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:telepresence_server_on_multiparty_media_310:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "51463F95-8A40-47CC-A0FD-B8F0ED16C39F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:telepresence_server_on_multiparty_media_320:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7792A73D-C38F-44E6-A660-6CDB0955EC69",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:telepresence_server_on_virtual_machine:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "18C16ABE-9BA2-4852-9B12-70BA6A1D50C2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in the Conference Control Protocol API implementation in Cisco TelePresence Server software before 4.1(2.33) on 7010, MSE 8710, Multiparty Media 310 and 320, and Virtual Machine devices allows remote attackers to cause a denial of service (device crash) via a crafted URL, aka Bug ID CSCuu28277."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de buffer en la implementaci\u00f3n de la API del Conference Control Protocol en el software de Cisco TelePresence Server en versiones anteriores a 4.1(2.33) en 7010, MSE 8710, Multiparty Media 310 y 320 y dispositivos Virtual Machine, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del dispositivo) a trav\u00e9s de una URL manipulada, tambi\u00e9n conocida como Bug ID CSCuu28277."
    }
  ],
  "id": "CVE-2015-6284",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-09-20T14:59:02.367",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-tps"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1033580"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-tps"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1033580"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-201509-0009

Vulnerability from variot - Updated: 2023-12-18 13:29

Buffer overflow in the Conference Control Protocol API implementation in Cisco TelePresence Server software before 4.1(2.33) on 7010, MSE 8710, Multiparty Media 310 and 320, and Virtual Machine devices allows remote attackers to cause a denial of service (device crash) via a crafted URL, aka Bug ID CSCuu28277. Vendors report this vulnerability Bug ID CSCuu28277 Published as.Expertly crafted by a third party URL Via denial of service ( Device crash ) May be in a state. Attackers can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCuu28277. The solution provides components such as audio and video spaces, which can provide remote participants with a "face-to-face" virtual meeting room effect. The vulnerability is caused by the program not properly filtering user input

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201509-0009",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "telepresence server software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "2.3\\(1.55\\)"
      },
      {
        "model": "telepresence server software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "2.3\\(1.57\\)"
      },
      {
        "model": "telepresence server software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "4.1\\(1.79\\)"
      },
      {
        "model": "telepresence server software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "3.1\\(1.80\\)"
      },
      {
        "model": "telepresence server software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "3.1\\(1.95\\)"
      },
      {
        "model": "telepresence server software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "4.0\\(2.8\\)"
      },
      {
        "model": "telepresence server software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "3.1\\(1.82\\)"
      },
      {
        "model": "telepresence server software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "3.1\\(1.96\\)"
      },
      {
        "model": "telepresence server software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "4.0\\(1.57\\)"
      },
      {
        "model": "telepresence server software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "3.0\\(2.24\\)"
      },
      {
        "model": "telepresence server software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.1\\(1.97\\)"
      },
      {
        "model": "telepresence server software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.0\\(2.46\\)"
      },
      {
        "model": "telepresence server software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.0\\(2.48\\)"
      },
      {
        "model": "telepresence server software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.0\\(2.49\\)"
      },
      {
        "model": "telepresence server software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.1\\(1.98\\)"
      },
      {
        "model": "telepresence server software",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "2.3 (1.55)"
      },
      {
        "model": "telepresence server software",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "2.3 (1.57)"
      },
      {
        "model": "telepresence server software",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "2.3 (1.58)"
      },
      {
        "model": "telepresence server software",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "3.0 (2.24)"
      },
      {
        "model": "telepresence server software",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "3.0 (2.46)"
      },
      {
        "model": "telepresence server software",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "3.0 (2.48)"
      },
      {
        "model": "telepresence server software",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "3.0 (2.49)"
      },
      {
        "model": "telepresence server software",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "3.1 (1.80)"
      },
      {
        "model": "telepresence server software",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "3.1 (1.82)"
      },
      {
        "model": "telepresence server software",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "3.1 (1.95)"
      },
      {
        "model": "telepresence server software",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "3.1 (1.96)"
      },
      {
        "model": "telepresence server software",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "3.1 (1.97)"
      },
      {
        "model": "telepresence server software",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "3.1 (1.98)"
      },
      {
        "model": "telepresence server software",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "4.0 (1.57)"
      },
      {
        "model": "telepresence server software",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "4.0 (2.8)"
      },
      {
        "model": "telepresence server software",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "4.1 (1.79)"
      },
      {
        "model": "telepresence server software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1.79)"
      },
      {
        "model": "telepresence server software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(2.8)"
      },
      {
        "model": "telepresence server software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(1.57)"
      },
      {
        "model": "telepresence server software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1(1.98)"
      },
      {
        "model": "telepresence server software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1(1.97)"
      },
      {
        "model": "telepresence server software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1(1.96)"
      },
      {
        "model": "telepresence server software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1(1.95)"
      },
      {
        "model": "telepresence server software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1(1.82)"
      },
      {
        "model": "telepresence server software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1(1.80)"
      },
      {
        "model": "telepresence server software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0(2.49)"
      },
      {
        "model": "telepresence server software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0(2.48)"
      },
      {
        "model": "telepresence server software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0(2.46)"
      },
      {
        "model": "telepresence server software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0(2.24)"
      },
      {
        "model": "telepresence server software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3(1.58)"
      },
      {
        "model": "telepresence server software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3(1.57)"
      },
      {
        "model": "telepresence server software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3(1.55)"
      },
      {
        "model": "telepresence server on virtual machine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3200"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3100"
      },
      {
        "model": "telepresence server mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "87100"
      },
      {
        "model": "telepresence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70100"
      },
      {
        "model": "telepresence server software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(2.33)"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "76758"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004940"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6284"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201509-247"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:telepresence_server_software:3.1\\(1.98\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:telepresence_server_software:3.1\\(1.97\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:telepresence_server_software:3.1\\(1.96\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:telepresence_server_software:3.1\\(1.95\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:telepresence_server_software:3.0\\(2.24\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:telepresence_server_software:3.0\\(2.48\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:telepresence_server_software:3.1\\(1.80\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:telepresence_server_software:4.0\\(2.8\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:telepresence_server_software:2.3\\(1.55\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:telepresence_server_software:2.3\\(1.57\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:telepresence_server_software:3.0\\(2.46\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:telepresence_server_software:3.0\\(2.49\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:telepresence_server_software:3.1\\(1.82\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:telepresence_server_software:4.0\\(1.57\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:telepresence_server_software:4.1\\(1.79\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:telepresence_server_on_virtual_machine:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:telepresence_server_7010:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:telepresence_server_mse_8710:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:telepresence_server_on_multiparty_media_310:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:telepresence_server_on_multiparty_media_320:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-6284"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "76758"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201509-247"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2015-6284",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.8,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2015-6284",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-84245",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-6284",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201509-247",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-84245",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-84245"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004940"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6284"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201509-247"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow in the Conference Control Protocol API implementation in Cisco TelePresence Server software before 4.1(2.33) on 7010, MSE 8710, Multiparty Media 310 and 320, and Virtual Machine devices allows remote attackers to cause a denial of service (device crash) via a crafted URL, aka Bug ID CSCuu28277. Vendors report this vulnerability Bug ID CSCuu28277 Published as.Expertly crafted by a third party URL Via denial of service ( Device crash ) May be in a state. \nAttackers can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. \nThis issue is being tracked by Cisco Bug ID CSCuu28277. The solution provides components such as audio and video spaces, which can provide remote participants with a \"face-to-face\" virtual meeting room effect. The vulnerability is caused by the program not properly filtering user input",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-6284"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004940"
      },
      {
        "db": "BID",
        "id": "76758"
      },
      {
        "db": "VULHUB",
        "id": "VHN-84245"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-6284",
        "trust": 2.8
      },
      {
        "db": "SECTRACK",
        "id": "1033580",
        "trust": 1.1
      },
      {
        "db": "BID",
        "id": "76758",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004940",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201509-247",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-84245",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-84245"
      },
      {
        "db": "BID",
        "id": "76758"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004940"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6284"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201509-247"
      }
    ]
  },
  "id": "VAR-201509-0009",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-84245"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:29:35.691000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20150916-tps",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150916-tps"
      },
      {
        "title": "40749",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=40749"
      },
      {
        "title": "cisco-sa-20150916-tps",
        "trust": 0.8,
        "url": "http://www.cisco.com/cisco/web/support/jp/113/1135/1135306_cisco-sa-20150916-tps-j.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004940"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-84245"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004940"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6284"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150916-tps"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1033580"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6284"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6284"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/76758"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/c/en/us/products/conferencing/telepresence-server/index.html"
      },
      {
        "trust": 0.3,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=40749"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-84245"
      },
      {
        "db": "BID",
        "id": "76758"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004940"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6284"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201509-247"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-84245"
      },
      {
        "db": "BID",
        "id": "76758"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004940"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6284"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201509-247"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-09-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-84245"
      },
      {
        "date": "2015-09-16T00:00:00",
        "db": "BID",
        "id": "76758"
      },
      {
        "date": "2015-09-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-004940"
      },
      {
        "date": "2015-09-20T14:59:02.367000",
        "db": "NVD",
        "id": "CVE-2015-6284"
      },
      {
        "date": "2015-09-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201509-247"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-12-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-84245"
      },
      {
        "date": "2015-09-16T00:00:00",
        "db": "BID",
        "id": "76758"
      },
      {
        "date": "2015-09-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-004940"
      },
      {
        "date": "2016-12-29T13:15:58.213000",
        "db": "NVD",
        "id": "CVE-2015-6284"
      },
      {
        "date": "2015-09-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201509-247"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201509-247"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Cisco TelePresence Server Device  Conference Control Protocol API Buffer Overflow Vulnerability in Java Implementation",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004940"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201509-247"
      }
    ],
    "trust": 0.6
  }
}

CNVD-2015-06133

Vulnerability from cnvd - Published: 2015-09-23

Title

Cisco TelePresence Server Software API缓冲区溢出漏洞

Description

Cisco TelePresence Server Software是一套被称为“网真”系统的视频会议解决方案。该方案提供音频、视频空间等组件，可为远程参会者提供一个“面对面”的虚拟会议室效果。 Cisco TelePresence Server Software的Conference Control Protocol API存在缓冲区溢出漏洞，允许远程攻击者可利用特制的URL进行拒绝服务攻击。

Severity

高

Patch Name

Cisco TelePresence Server Software API缓冲区溢出漏洞的补丁

Patch Description

Cisco TelePresence Server Software是一套被称为“网真”系统的视频会议解决方案。该方案提供音频、视频空间等组件，可为远程参会者提供一个“面对面”的虚拟会议室效果。Cisco TelePresence Server Software的Conference Control Protocol API存在缓冲区溢出漏洞，允许远程攻击者可利用特制的URL进行拒绝服务攻击。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞： http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-tps

Reference

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-tps

Impacted products

Name
Cisco TelePresence Server <4.1(2.33) on 7010

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-6284"
    }
  },
  "description": "Cisco TelePresence Server Software\u662f\u4e00\u5957\u88ab\u79f0\u4e3a\u201c\u7f51\u771f\u201d\u7cfb\u7edf\u7684\u89c6\u9891\u4f1a\u8bae\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u65b9\u6848\u63d0\u4f9b\u97f3\u9891\u3001\u89c6\u9891\u7a7a\u95f4\u7b49\u7ec4\u4ef6\uff0c\u53ef\u4e3a\u8fdc\u7a0b\u53c2\u4f1a\u8005\u63d0\u4f9b\u4e00\u4e2a\u201c\u9762\u5bf9\u9762\u201d\u7684\u865a\u62df\u4f1a\u8bae\u5ba4\u6548\u679c\u3002\r\n\r\nCisco TelePresence Server Software\u7684Conference Control Protocol API\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u7279\u5236\u7684URL\u8fdb\u884c\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u53d6\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-tps",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-06133",
  "openTime": "2015-09-23",
  "patchDescription": "Cisco TelePresence Server Software\u662f\u4e00\u5957\u88ab\u79f0\u4e3a\u201c\u7f51\u771f\u201d\u7cfb\u7edf\u7684\u89c6\u9891\u4f1a\u8bae\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u65b9\u6848\u63d0\u4f9b\u97f3\u9891\u3001\u89c6\u9891\u7a7a\u95f4\u7b49\u7ec4\u4ef6\uff0c\u53ef\u4e3a\u8fdc\u7a0b\u53c2\u4f1a\u8005\u63d0\u4f9b\u4e00\u4e2a\u201c\u9762\u5bf9\u9762\u201d\u7684\u865a\u62df\u4f1a\u8bae\u5ba4\u6548\u679c\u3002Cisco TelePresence Server Software\u7684Conference Control Protocol API\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u7279\u5236\u7684URL\u8fdb\u884c\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco TelePresence Server Software API\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Cisco TelePresence Server \u003c4.1(2.33) on 7010"
  },
  "referenceLink": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-tps",
  "serverity": "\u9ad8",
  "submitTime": "2015-09-20",
  "title": "Cisco TelePresence Server Software API\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}

GSD-2015-6284

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2015-6284

Aliases

CVE-2015-6284

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-6284",
    "description": "Buffer overflow in the Conference Control Protocol API implementation in Cisco TelePresence Server software before 4.1(2.33) on 7010, MSE 8710, Multiparty Media 310 and 320, and Virtual Machine devices allows remote attackers to cause a denial of service (device crash) via a crafted URL, aka Bug ID CSCuu28277.",
    "id": "GSD-2015-6284"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-6284"
      ],
      "details": "Buffer overflow in the Conference Control Protocol API implementation in Cisco TelePresence Server software before 4.1(2.33) on 7010, MSE 8710, Multiparty Media 310 and 320, and Virtual Machine devices allows remote attackers to cause a denial of service (device crash) via a crafted URL, aka Bug ID CSCuu28277.",
      "id": "GSD-2015-6284",
      "modified": "2023-12-13T01:20:04.710795Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2015-6284",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Buffer overflow in the Conference Control Protocol API implementation in Cisco TelePresence Server software before 4.1(2.33) on 7010, MSE 8710, Multiparty Media 310 and 320, and Virtual Machine devices allows remote attackers to cause a denial of service (device crash) via a crafted URL, aka Bug ID CSCuu28277."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1033580",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1033580"
          },
          {
            "name": "20150916 Cisco TelePresence Server Denial of Service Vulnerability",
            "refsource": "CISCO",
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-tps"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:telepresence_server_software:3.1\\(1.98\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:telepresence_server_software:3.1\\(1.97\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:telepresence_server_software:3.1\\(1.96\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:telepresence_server_software:3.1\\(1.95\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:telepresence_server_software:3.0\\(2.24\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:telepresence_server_software:3.0\\(2.48\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:telepresence_server_software:3.1\\(1.80\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:telepresence_server_software:4.0\\(2.8\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:telepresence_server_software:2.3\\(1.55\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:telepresence_server_software:2.3\\(1.57\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:telepresence_server_software:3.0\\(2.46\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:telepresence_server_software:3.0\\(2.49\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:telepresence_server_software:3.1\\(1.82\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:telepresence_server_software:4.0\\(1.57\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:telepresence_server_software:4.1\\(1.79\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:telepresence_server_on_virtual_machine:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:telepresence_server_7010:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:telepresence_server_mse_8710:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:telepresence_server_on_multiparty_media_310:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:telepresence_server_on_multiparty_media_320:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2015-6284"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Buffer overflow in the Conference Control Protocol API implementation in Cisco TelePresence Server software before 4.1(2.33) on 7010, MSE 8710, Multiparty Media 310 and 320, and Virtual Machine devices allows remote attackers to cause a denial of service (device crash) via a crafted URL, aka Bug ID CSCuu28277."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20150916 Cisco TelePresence Server Denial of Service Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-tps"
            },
            {
              "name": "1033580",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1033580"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2016-12-29T13:15Z",
      "publishedDate": "2015-09-20T14:59Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-6284 (GCVE-0-2015-6284)

CERTFR-2015-AVI-397

Solution

CERTFR-2015-AVI-397

Solution

GHSA-JCF7-3F5G-P5QV

FKIE_CVE-2015-6284

VAR-201509-0009

CNVD-2015-06133

GSD-2015-6284

Tags

Sightings

Nomenclature