VAR-201410-0058
Vulnerability from variot - Updated: 2023-12-18 12:07The network stack in Cisco TelePresence MCU Software before 4.3(2.30) allows remote attackers to cause a denial of service (memory consumption) via crafted TCP packets, aka Bug ID CSCtz35468. Successful exploits may allow an attacker to cause the device to reload, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCtz35468. The following products running a vulnerable version of software are affected: Cisco TelePresence MCU 4200 Series Cisco TelePresence MCU 4500 Series Cisco TelePresence MCU MSE 8420. Cisco TelePresence is a set of video conferencing solutions called "TelePresence" system of Cisco (Cisco). The vulnerability is caused by the program not filtering TCP packets adequately
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201410-0058",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "telepresence mcu software",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.3\\(2.18\\)"
},
{
"model": "telepresence mcu software",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "4.3(2.30)"
},
{
"model": "telepresence mcu software",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "4.3\\(2.18\\)"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004984"
},
{
"db": "NVD",
"id": "CVE-2014-3397"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-632"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:telepresence_mcu_software:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.3\\(2.18\\)",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3397"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "70591"
}
],
"trust": 0.3
},
"cve": "CVE-2014-3397",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2014-3397",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-71337",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-3397",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201410-632",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-71337",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71337"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004984"
},
{
"db": "NVD",
"id": "CVE-2014-3397"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-632"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The network stack in Cisco TelePresence MCU Software before 4.3(2.30) allows remote attackers to cause a denial of service (memory consumption) via crafted TCP packets, aka Bug ID CSCtz35468. \nSuccessful exploits may allow an attacker to cause the device to reload, denying service to legitimate users. \nThis issue is being tracked by Cisco Bug ID CSCtz35468. \nThe following products running a vulnerable version of software are affected:\nCisco TelePresence MCU 4200 Series\nCisco TelePresence MCU 4500 Series\nCisco TelePresence MCU MSE 8420. Cisco TelePresence is a set of video conferencing solutions called \"TelePresence\" system of Cisco (Cisco). The vulnerability is caused by the program not filtering TCP packets adequately",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3397"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004984"
},
{
"db": "BID",
"id": "70591"
},
{
"db": "VULHUB",
"id": "VHN-71337"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-3397",
"trust": 2.8
},
{
"db": "SECTRACK",
"id": "1031054",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "60855",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004984",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201410-632",
"trust": 0.7
},
{
"db": "BID",
"id": "70591",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-71337",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71337"
},
{
"db": "BID",
"id": "70591"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004984"
},
{
"db": "NVD",
"id": "CVE-2014-3397"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-632"
}
]
},
"id": "VAR-201410-0058",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-71337"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:07:54.807000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20141015-mcu",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20141015-mcu"
},
{
"title": "36016",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=36016"
},
{
"title": "cisco-sa-20141015-mcu",
"trust": 0.8,
"url": "http://www.cisco.com/cisco/web/support/jp/112/1126/1126347_cisco-sa-20141015-mcu-j.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004984"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-399",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71337"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004984"
},
{
"db": "NVD",
"id": "CVE-2014-3397"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20141015-mcu"
},
{
"trust": 1.4,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=36016"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1031054"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/60855"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3397"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3397"
},
{
"trust": 0.3,
"url": "http://www.cisco.com"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71337"
},
{
"db": "BID",
"id": "70591"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004984"
},
{
"db": "NVD",
"id": "CVE-2014-3397"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-632"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-71337"
},
{
"db": "BID",
"id": "70591"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004984"
},
{
"db": "NVD",
"id": "CVE-2014-3397"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-632"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-10-19T00:00:00",
"db": "VULHUB",
"id": "VHN-71337"
},
{
"date": "2014-10-15T00:00:00",
"db": "BID",
"id": "70591"
},
{
"date": "2014-10-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004984"
},
{
"date": "2014-10-19T01:55:13.637000",
"db": "NVD",
"id": "CVE-2014-3397"
},
{
"date": "2014-10-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-632"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-10-30T00:00:00",
"db": "VULHUB",
"id": "VHN-71337"
},
{
"date": "2014-10-15T00:00:00",
"db": "BID",
"id": "70591"
},
{
"date": "2014-10-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004984"
},
{
"date": "2015-10-30T18:01:20.920000",
"db": "NVD",
"id": "CVE-2014-3397"
},
{
"date": "2014-10-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-632"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201410-632"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco TelePresence MCU Software network stack Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004984"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201410-632"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…