Vulnerabilities > CVE-2014-3397 - Resource Management Errors vulnerability in Cisco Telepresence MCU Software

CVSS 7.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

COMPLETE

network

low complexity

cisco

CWE-399

nessus

NVD

Published: 2014-10-19

Updated: 2015-10-30

Summary

The network stack in Cisco TelePresence MCU Software before 4.3(2.30) allows remote attackers to cause a denial of service (memory consumption) via crafted TCP packets, aka Bug ID CSCtz35468.

Vulnerable Configurations

Part	Description	Count
Application	Cisco Cisco Telepresence MCU Software 4.1\(1.51\) Cisco Telepresence MCU Software 4.1\(1.59\) Cisco Telepresence MCU Software 4.2\(1.43\) Cisco Telepresence MCU Software 4.2\(1.46\) Cisco Telepresence MCU Software 4.2\(1.50\) Cisco Telepresence MCU Software 4.3\(1.68\)	6

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

Nessus

NASL family	CISCO
NASL id	CISCO_TELEPRESENCE_MCU_SA_20141015.NASL
description	According to the self-reported version, returned by either the SNMP or FTP service running on the remote device, the Cisco TelePresence MCU software is affected by a vulnerability that can allow a remote, unauthenticated attacker to cause a denial of service via memory exhaustion.
last seen	2020-06-01
modified	2020-06-02
plugin id	78624
published	2014-10-22
reporter	This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/78624
title	Cisco TelePresence MCU Software Memory Exhaustion

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

References