Vulnerabilities > CVE-2014-3368 - Resource Management Errors vulnerability in Cisco products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
COMPLETE Summary
Cisco TelePresence Video Communication Server (VCS) and Expressway Software before X8.2 allow remote attackers to cause a denial of service (device reload) via a high rate of crafted packets, aka Bug ID CSCui06507.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
| NASL family | CISCO |
| NASL id | CISCO_TELEPRESENCE_VCS_SA_20141015.NASL |
| description | According to the self-reported version, returned by a standard SNMP request, the version of the Cisco TelePresence VCS or Expressway Series device prior to 8.2. It is, therefore, potentially affected by multiple denial of service vulnerabilities : - A flaw exists in packet processing when processing IP packets at a high rate. This can allow a remote attacker to cause a kernel crash via specially crafted packets. (CVE-2014-3368) - A flaw in the SIP IX Channel is triggered when handling a specially crafted SDP packet. This can allow a remote attacker to cause a system reload. SIP IX Filtering must be enabled for the system to be affected. (CVE-2014-3369) - A flaw exists in the SIP module that can allow a remote attacker to cause a system reload via a specially crafted SIP packet. (CVE-2014-3370) |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 78625 |
| published | 2014-10-22 |
| reporter | This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/78625 |
| title | Cisco TelePresence VCS / Expressway Series < 8.2 Multiple DoS Vulnerabilities |