Vulnerabilities > CVE-2011-3318 - Resource Management Errors vulnerability in Cisco products

CVSS 7.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

COMPLETE

network

low complexity

cisco

CWE-399

NVD

Published: 2011-10-27

Updated: 2012-04-06

Summary

Cisco Video Surveillance 2421 and 2500 series cameras with software 1.1.x and 2.x before 2.4.0 and Video Surveillance 2600 series cameras with software before 4.2.0-13 allow remote attackers to cause a denial of service (device reload) by sending crafted RTSP packets over TCP, aka Bug IDs CSCtj96312, CSCtj39462, and CSCtl80175.

Vulnerable Configurations

Part	Description	Count
Hardware	Cisco Cisco Video Surveillance 2421 - Cisco Video Surveillance 2500 - Cisco Video Surveillance 2600 -	3
Application	Cisco Cisco Video Surveillance Software 1.1.0 Cisco Video Surveillance Software 1.2.1 Cisco Video Surveillance Software 2.0.0 Cisco Video Surveillance Software 2.1 Cisco Video Surveillance Software 2.1.2 Cisco Video Surveillance Software 2.1.3 Cisco Video Surveillance Software 2.1.4 Cisco Video Surveillance Software 2.1.6 Cisco Video Surveillance Software 2.1.7 Cisco Video Surveillance Software 2.3.0 Cisco Video Surveillance Software 2.3.1 Cisco Video Surveillance Software 4.0.1 Cisco Video Surveillance Software 4.2.0	13

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

References

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-camera