Vulnerabilities > CVE-2015-0722 - Resource Management Errors vulnerability in Cisco Telepresence TC Software and Telepresence TE Software

047910
CVSS 7.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
COMPLETE
network
low complexity
cisco
CWE-399
nessus

Summary

The network drivers in Cisco TelePresence T, Cisco TelePresence TE, and Cisco TelePresence TC before 7.3.2 allow remote attackers to cause a denial of service (process restart or device reload) via a flood of crafted IP packets, aka Bug ID CSCuj68952.

Vulnerable Configurations

Part Description Count
Application
Cisco
60

Common Weakness Enumeration (CWE)

Nessus

NASL familyCISCO
NASL idCISCO_TELEPRESENCE_SA_20150513_TC.NASL
descriptionThe version of Cisco TelePresence TC or TE software running on the remote device is affected by one or more of the following vulnerabilities : - A implementation flaw exists in the authentication and authorization controls for internal services. An unauthenticated attacker, within the broadcast or collision domains, or who has physical access to the device, can exploit this flaw to bypass authentication and obtain root access to the system by connecting to the affected service. (CVE-2014-2174) - A flaw exists due to insufficient implementation of flood controls in the network drivers. A remote, unauthenticated attacker, by rapidly sending crafted IP packets to the device, can exploit this to cause processes to restart, potentially leading to a reload of the affected system and a denial of service. (CVE-2015-0722)
last seen2020-06-01
modified2020-06-02
plugin id83731
published2015-05-20
reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/83731
titleCisco TelePresence TC and TE Software Multiple Vulnerabilities (cisco-sa-20150513-tc)