Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.105609
Category:CISCO
Title:Cisco TelePresence Server Malformed STUN Packet Processing Denial of Service Vulnerability
Summary:A vulnerability in Cisco TelePresence Server devices running software version 3.1 could allow an unauthenticated, remote attacker to reload the device.
Description:Summary:
A vulnerability in Cisco TelePresence Server devices running software version 3.1 could allow an unauthenticated, remote attacker to reload the device.

Vulnerability Insight:
The vulnerability exists due to a failure to properly process malformed Session Traversal Utilities for NAT (STUN) packets.

Vulnerability Impact:
An attacker could exploit this vulnerability by submitting malformed STUN packets to the device. If successful, the attacker could force the device to reload and drop all calls in the process.

Affected Software/OS:
The following Cisco TelePresence Server devices running Cisco TelePresence Server software version 3.1 are vulnerable:
Cisco TelePresence Server 7010
Cisco TelePresence Server Mobility Services Engine (MSE) 8710
Cisco TelePresence Server on Multiparty Media 310
Cisco TelePresence Server on Multiparty Media 320
Cisco TelePresence Server on Virtual Machine (VM)

Solution:
Updates are available

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2015-6312
Cisco Security Advisory: 20160406 Cisco TelePresence Server Malformed STUN Packet Processing Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts2
http://www.securitytracker.com/id/1035500
CopyrightCopyright (C) 2016 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.