CVE-2014-3368 - Cisco TelePresence Video Communication Server (VCS) and Expressway Software before X8.2 allow remote

CVE-2014-3368

Summary

Cisco TelePresence Video Communication Server (VCS) and Expressway Software before X8.2 allow remote attackers to cause a denial of service (device reload) via a high rate of crafted packets, aka Bug ID CSCui06507.

References

Vulnerable Configurations

cpe:2.3:a:cisco:expressway_software:x7.2.3:*:*:*:*:*:*:*
cpe:2.3:a:cisco:expressway_software:x7.2.3:*:*:*:*:*:*:*
cpe:2.3:a:cisco:expressway_software:x8.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:expressway_software:x8.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server_software:x6.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server_software:x6.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server_software:x6.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server_software:x6.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server_software:x7.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server_software:x7.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server_software:x7.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server_software:x7.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server_software:x7.2.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server_software:x7.2.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server_software:x7.2.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server_software:x7.2.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server_software:x7.2.3:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server_software:x7.2.3:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.1:*:*:*:base:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.1:*:*:*:base:*:*:*

CVSS

Base:	7.8 (as of 08-10-2015 - 15:17)
Impact:
Exploitability:

CWE

CWE-399

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:C

refmap via4

cisco	20141015 Multiple Vulnerabilities in Cisco TelePresence Video Communication Server and Cisco Expressway Software
confirm	http://tools.cisco.com/security/center/viewAlert.x?alertId=35827
sectrack	1031055
secunia	60850

Last major update

08-10-2015 - 15:17

Published

19-10-2014 - 01:55

Last modified

08-10-2015 - 15:17