Vulnerabilities > CVE-2014-3370 - Resource Management Errors vulnerability in Cisco products

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
cisco
CWE-399
nessus
NVD
Published: 2014-10-19
Updated: 2024-11-21

Summary

Cisco TelePresence Video Communication Server (VCS) and Expressway Software before X8.1.1 allow remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug IDs CSCum60442 and CSCum60447.

Vulnerable Configurations

Part Description Count
Application
Cisco
14

Common Weakness Enumeration (CWE)

Nessus

NASL familyCISCO
NASL idCISCO_TELEPRESENCE_VCS_SA_20141015.NASL
descriptionAccording to the self-reported version, returned by a standard SNMP request, the version of the Cisco TelePresence VCS or Expressway Series device prior to 8.2. It is, therefore, potentially affected by multiple denial of service vulnerabilities : - A flaw exists in packet processing when processing IP packets at a high rate. This can allow a remote attacker to cause a kernel crash via specially crafted packets. (CVE-2014-3368) - A flaw in the SIP IX Channel is triggered when handling a specially crafted SDP packet. This can allow a remote attacker to cause a system reload. SIP IX Filtering must be enabled for the system to be affected. (CVE-2014-3369) - A flaw exists in the SIP module that can allow a remote attacker to cause a system reload via a specially crafted SIP packet. (CVE-2014-3370)
last seen2020-06-01
modified2020-06-02
plugin id78625
published2014-10-22
reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/78625
titleCisco TelePresence VCS / Expressway Series < 8.2 Multiple DoS Vulnerabilities

References