Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.105661
Category:CISCO
Title:Multiple Cisco Products libSRTP Denial of Service Vulnerability
Summary:Cisco released version 1.5.3 of the Secure Real-Time Transport Protocol (SRTP); library (libSRTP), which addresses a denial of service (DoS) vulnerability. Multiple Cisco products incorporate a vulnerable version of the libSRTP library.;; The vulnerability is in the encryption processing subsystem of libSRTP and could allow an unauthenticated,; remote attacker to trigger a DoS condition. The vulnerability is due to improper input validation of certain fields of SRTP packets.; An attacker could exploit this vulnerability by sending a crafted SRTP packet designed to trigger the issue to an affected device.;; The impact of this vulnerability on Cisco products may vary depending on the affected product. Details about the impact on each product; are outlined in the `Conditions` section of each Cisco bug for this vulnerability. The bug IDs are listed at the top of this advisory and in the table in Vulnerable Products.
Description:Summary:
Cisco released version 1.5.3 of the Secure Real-Time Transport Protocol (SRTP)
library (libSRTP), which addresses a denial of service (DoS) vulnerability. Multiple Cisco products incorporate a vulnerable version of the libSRTP library.

The vulnerability is in the encryption processing subsystem of libSRTP and could allow an unauthenticated,
remote attacker to trigger a DoS condition. The vulnerability is due to improper input validation of certain fields of SRTP packets.
An attacker could exploit this vulnerability by sending a crafted SRTP packet designed to trigger the issue to an affected device.

The impact of this vulnerability on Cisco products may vary depending on the affected product. Details about the impact on each product
are outlined in the `Conditions` section of each Cisco bug for this vulnerability. The bug IDs are listed at the top of this advisory and in the table in Vulnerable Products.

Solution:
See the referenced vendor advisory for a solution.

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2015-6360
Cisco Security Advisory: 20160420 Multiple Cisco Products libSRTP Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-libsrtp
Debian Security Information: DSA-3539 (Google Search)
http://www.debian.org/security/2016/dsa-3539
http://www.securitytracker.com/id/1035636
http://www.securitytracker.com/id/1035637
http://www.securitytracker.com/id/1035648
http://www.securitytracker.com/id/1035649
http://www.securitytracker.com/id/1035650
http://www.securitytracker.com/id/1035651
http://www.securitytracker.com/id/1035652
CopyrightCopyright (C) 2016 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.