Vulnerabilities > CVE-2014-3370 - Resource Management Errors vulnerability in Cisco products

047910
CVSS 7.1 - HIGH
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
COMPLETE
network
cisco
CWE-399
nessus

Summary

Cisco TelePresence Video Communication Server (VCS) and Expressway Software before X8.1.1 allow remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug IDs CSCum60442 and CSCum60447.

Common Weakness Enumeration (CWE)

Nessus

NASL familyCISCO
NASL idCISCO_TELEPRESENCE_VCS_SA_20141015.NASL
descriptionAccording to the self-reported version, returned by a standard SNMP request, the version of the Cisco TelePresence VCS or Expressway Series device prior to 8.2. It is, therefore, potentially affected by multiple denial of service vulnerabilities : - A flaw exists in packet processing when processing IP packets at a high rate. This can allow a remote attacker to cause a kernel crash via specially crafted packets. (CVE-2014-3368) - A flaw in the SIP IX Channel is triggered when handling a specially crafted SDP packet. This can allow a remote attacker to cause a system reload. SIP IX Filtering must be enabled for the system to be affected. (CVE-2014-3369) - A flaw exists in the SIP module that can allow a remote attacker to cause a system reload via a specially crafted SIP packet. (CVE-2014-3370)
last seen2020-06-01
modified2020-06-02
plugin id78625
published2014-10-22
reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/78625
titleCisco TelePresence VCS / Expressway Series < 8.2 Multiple DoS Vulnerabilities