Vulnerabilities > CVE-2012-0331 - Resource Management Errors vulnerability in Cisco products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

cisco

CWE-399

NVD

Published: 2012-03-01

Updated: 2012-03-01

Summary

Cisco TelePresence Video Communication Server with software before X7.0.1 allows remote attackers to cause a denial of service (device crash) via a crafted SIP packet, as demonstrated by a SIP INVITE message from a Tandberg device, aka Bug ID CSCtq73319. Per: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-vcs 'Vulnerable Products These vulnerabilities affect all three variants (Control, Expressway, and Starter Pack Express) of Cisco TelePresence Video Communication Server.'

Vulnerable Configurations

Part	Description	Count
Application	Cisco Cisco Telepresence System Software X5.2 Cisco Telepresence System Software X6.0 Cisco Telepresence System Software X6.1 Cisco Telepresence System Software - Cisco Telepresence System Software 1.2.3\(1101\) Cisco Telepresence System Software 1.3.2\(1393\) Cisco Telepresence System Software 1.4.7\(2229\) Cisco Telepresence System Software 1.5.1\(2082\) Cisco Telepresence System Software 1.5.3\(2115\) Cisco Telepresence System Software 1.5.10\(3648\) Cisco Telepresence System Software 1.5.11\(3659\) Cisco Telepresence System Software 1.5.12\(3701\) Cisco Telepresence System Software 1.5.13\(3717\) Cisco Telepresence System Software 1.6.0\(3954\) Cisco Telepresence System Software 1.6.2\(4023\) Cisco Telepresence System Software 1.6.3\(4042\) Cisco Telepresence System Software 1.6.4\(4072\) Cisco Telepresence System Software 1.6.5\(4097\) Cisco Telepresence System Software 1.6.6\(4109\) Cisco Telepresence System Software 1.6.7\(4212\) Cisco Telepresence System Software 1.6.8\(4222\) Cisco Telepresence System Software 1.7.0.1\(4764\) Cisco Telepresence System Software 1.7.0.2\(4719\) Cisco Telepresence System Software 1.7.1\(4864\) Cisco Telepresence System Software 1.7.2\(4937\) Cisco Telepresence System Software 1.7.2.1\(2\) Cisco Telepresence System Software 1.7.4\(270\) Cisco Telepresence System Software 1.7.5\(42\) Cisco Telepresence System Software 1.7.6\(4\) Cisco Telepresence System Software 1.8.0\(55\) Cisco Telepresence System Software 1.8.0U\) Cisco Telepresence System Software 1.8.1\(34\) Cisco Telepresence System Software 1.8.2\(11\) Cisco Telepresence System Software 1.8.3\(4\) Cisco Telepresence System Software 1.8.4\(13\) Cisco Telepresence System Software 1.8.5\(4\) Cisco Telepresence System Software 1.8.14\) Cisco Telepresence System Software 1.9.0\(46\) Cisco Telepresence System Software 1.9.0.1\(3\) Cisco Telepresence System Software 1.9.1\(68\) Cisco Telepresence System Software 1.9.2 Cisco Telepresence System Software 1.9.2\(19\) Cisco Telepresence System Software 1.9.3 Cisco Telepresence System Software 1.9.3\(44\) Cisco Telepresence System Software 1.9.4 Cisco Telepresence System Software 1.9.4\(19\) Cisco Telepresence System Software 1.9.5 Cisco Telepresence System Software 1.9.5\(7\) Cisco Telepresence System Software 1.9.6 Cisco Telepresence System Software 1.9.6\(2\) Cisco Telepresence System Software 1.9.6.1\(3\) Cisco Telepresence System Software 1.10.0 Cisco Telepresence System Software 1.10.0\(259\) Cisco Telepresence System Software 1.10.1 Cisco Telepresence System Software 1.10.1\(43\) Cisco Telepresence System Software 1.10.2\(42\) Cisco Telepresence System Software 1.10.3\(41\) Cisco Telepresence System Software 4.0.0 Cisco Telepresence System Software 6.0.0.1\(4\) Cisco Telepresence System Software 6.0.1\(50\) Cisco Telepresence System Software 6.0.2\(28\) Cisco Telepresence System Software 6.0.3\(33\) Cisco Telepresence System Software 6.0.4\(11\) Cisco Telepresence System Software 6.0.5\(5\) Cisco Telepresence System Software 6.1.0\(90\) Cisco Telepresence System Software F9.0.1 Cisco Telepresence System Software F9.0.2 Cisco Telepresence System Software F9.1.0 Cisco Telepresence System Software F9.1.1 Cisco Telepresence System Software F9.1.2 Cisco Telepresence System Software F9.3 Cisco Telepresence System Software F9.3.1 Cisco Telepresence System Software Fnc9.1.0 Cisco Telepresence System Software Fnc9.1.1 Cisco Telepresence System Software Fnc9.1.2 Cisco Telepresence System Software Fnc9.3 Cisco Telepresence System Software Fnc9.3.1 Cisco Telepresence System Software Tc3.1.3 Cisco Telepresence System Software Tc3.1.4 Cisco Telepresence System Software Tc3.1.5 Cisco Telepresence System Software Tc4.1.2 Cisco Telepresence System Software Tc5.1.0 Cisco Telepresence System Software Tcu4.0.3 Cisco Telepresence System Software Tcu4.1.0 Cisco Telepresence System Software Tcu4.2.0 Cisco Telepresence System Software Tt4.0.3 Cisco Telepresence System Software Tt4.1.0 Cisco Telepresence System Software X7.0	88
Hardware	Cisco Cisco Telepresence Video Communication Server *	3

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

References

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-vcs