var-201410-0058
Vulnerability from variot
The network stack in Cisco TelePresence MCU Software before 4.3(2.30) allows remote attackers to cause a denial of service (memory consumption) via crafted TCP packets, aka Bug ID CSCtz35468. Successful exploits may allow an attacker to cause the device to reload, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCtz35468. The following products running a vulnerable version of software are affected: Cisco TelePresence MCU 4200 Series Cisco TelePresence MCU 4500 Series Cisco TelePresence MCU MSE 8420. Cisco TelePresence is a set of video conferencing solutions called "TelePresence" system of Cisco (Cisco). The vulnerability is caused by the program not filtering TCP packets adequately
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201410-0058",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "telepresence mcu software",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.3\\(2.18\\)"
},
{
"model": "telepresence mcu software",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "4.3(2.30)"
},
{
"model": "telepresence mcu software",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "4.3\\(2.18\\)"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004984"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-632"
},
{
"db": "NVD",
"id": "CVE-2014-3397"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:telepresence_mcu_software",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004984"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "70591"
}
],
"trust": 0.3
},
"cve": "CVE-2014-3397",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2014-3397",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-71337",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-3397",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-3397",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201410-632",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-71337",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71337"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004984"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-632"
},
{
"db": "NVD",
"id": "CVE-2014-3397"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The network stack in Cisco TelePresence MCU Software before 4.3(2.30) allows remote attackers to cause a denial of service (memory consumption) via crafted TCP packets, aka Bug ID CSCtz35468. \nSuccessful exploits may allow an attacker to cause the device to reload, denying service to legitimate users. \nThis issue is being tracked by Cisco Bug ID CSCtz35468. \nThe following products running a vulnerable version of software are affected:\nCisco TelePresence MCU 4200 Series\nCisco TelePresence MCU 4500 Series\nCisco TelePresence MCU MSE 8420. Cisco TelePresence is a set of video conferencing solutions called \"TelePresence\" system of Cisco (Cisco). The vulnerability is caused by the program not filtering TCP packets adequately",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3397"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004984"
},
{
"db": "BID",
"id": "70591"
},
{
"db": "VULHUB",
"id": "VHN-71337"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-3397",
"trust": 2.8
},
{
"db": "SECTRACK",
"id": "1031054",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "60855",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004984",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201410-632",
"trust": 0.7
},
{
"db": "BID",
"id": "70591",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-71337",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71337"
},
{
"db": "BID",
"id": "70591"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004984"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-632"
},
{
"db": "NVD",
"id": "CVE-2014-3397"
}
]
},
"id": "VAR-201410-0058",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-71337"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T23:09:21.854000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20141015-mcu",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-mcu"
},
{
"title": "36016",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36016"
},
{
"title": "cisco-sa-20141015-mcu",
"trust": 0.8,
"url": "http://www.cisco.com/cisco/web/support/JP/112/1126/1126347_cisco-sa-20141015-mcu-j.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004984"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-399",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71337"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004984"
},
{
"db": "NVD",
"id": "CVE-2014-3397"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20141015-mcu"
},
{
"trust": 1.4,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=36016"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1031054"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/60855"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3397"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3397"
},
{
"trust": 0.3,
"url": "http://www.cisco.com"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71337"
},
{
"db": "BID",
"id": "70591"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004984"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-632"
},
{
"db": "NVD",
"id": "CVE-2014-3397"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-71337"
},
{
"db": "BID",
"id": "70591"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004984"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-632"
},
{
"db": "NVD",
"id": "CVE-2014-3397"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-10-19T00:00:00",
"db": "VULHUB",
"id": "VHN-71337"
},
{
"date": "2014-10-15T00:00:00",
"db": "BID",
"id": "70591"
},
{
"date": "2014-10-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004984"
},
{
"date": "2014-10-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-632"
},
{
"date": "2014-10-19T01:55:13.637000",
"db": "NVD",
"id": "CVE-2014-3397"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-10-30T00:00:00",
"db": "VULHUB",
"id": "VHN-71337"
},
{
"date": "2014-10-15T00:00:00",
"db": "BID",
"id": "70591"
},
{
"date": "2014-10-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004984"
},
{
"date": "2014-10-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-632"
},
{
"date": "2024-11-21T02:08:00.623000",
"db": "NVD",
"id": "CVE-2014-3397"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201410-632"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco TelePresence MCU Software network stack Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004984"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201410-632"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…