Vulnerabilities > CVE-2014-3368 - Resource Management Errors vulnerability in Cisco products

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
cisco
CWE-399
nessus
NVD
Published: 2014-10-19
Updated: 2024-11-21

Summary

Cisco TelePresence Video Communication Server (VCS) and Expressway Software before X8.2 allow remote attackers to cause a denial of service (device reload) via a high rate of crafted packets, aka Bug ID CSCui06507.

Vulnerable Configurations

Part Description Count
Application
Cisco
14

Common Weakness Enumeration (CWE)

Nessus

NASL familyCISCO
NASL idCISCO_TELEPRESENCE_VCS_SA_20141015.NASL
descriptionAccording to the self-reported version, returned by a standard SNMP request, the version of the Cisco TelePresence VCS or Expressway Series device prior to 8.2. It is, therefore, potentially affected by multiple denial of service vulnerabilities : - A flaw exists in packet processing when processing IP packets at a high rate. This can allow a remote attacker to cause a kernel crash via specially crafted packets. (CVE-2014-3368) - A flaw in the SIP IX Channel is triggered when handling a specially crafted SDP packet. This can allow a remote attacker to cause a system reload. SIP IX Filtering must be enabled for the system to be affected. (CVE-2014-3369) - A flaw exists in the SIP module that can allow a remote attacker to cause a system reload via a specially crafted SIP packet. (CVE-2014-3370)
last seen2020-06-01
modified2020-06-02
plugin id78625
published2014-10-22
reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/78625
titleCisco TelePresence VCS / Expressway Series < 8.2 Multiple DoS Vulnerabilities

References