Vulnerabilities > CVE-2015-6313 - Resource Management Errors vulnerability in Cisco Telepresence Server Software 4.1(2.29)/4.1(2.33)/4.2(4.17)

047910
CVSS 7.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
COMPLETE
network
low complexity
cisco
CWE-399
nessus

Summary

Cisco TelePresence Server 4.1(2.29) through 4.2(4.17) on 7010; Mobility Services Engine (MSE) 8710; Multiparty Media 310, 320, and 820; and Virtual Machine (VM) devices allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted HTTP requests that are not followed by an unspecified negotiation, aka Bug ID CSCuv47565.

Common Weakness Enumeration (CWE)

Nessus

NASL familyCISCO
NASL idCISCO_TELEPRESENCE_SERVER_CISCO-SA-20160406-CTS1.NASL
descriptionAccording to its self-reported version, the Cisco TelePresence Server running on the remote host is affected by a denial of service vulnerability in the HTTP parsing engine due to improper handling of specially crafted URLs. An unauthenticated, remote attacker can exploit this, via multiple URL requests, to exhaust memory resources, resulting in a denial of service condition.
last seen2020-06-01
modified2020-06-02
plugin id90540
published2016-04-15
reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/90540
titleCisco TelePresence Server HTTP Parsing Engine DoS (cisco-sa-20160406-cts1)
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(90540);
  script_version("1.6");
  script_cvs_date("Date: 2019/11/20");

  script_cve_id("CVE-2015-6313");
  script_xref(name:"CISCO-BUG-ID", value:"CSCuv47565");
  script_xref(name:"IAVA", value:"2016-A-0094");
  script_xref(name:"CISCO-SA", value:"cisco-sa-20160406-cts1");

  script_name(english:"Cisco TelePresence Server HTTP Parsing Engine DoS (cisco-sa-20160406-cts1)");
  script_summary(english:"Checks the software version.");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by a denial of service vulnerability.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, the Cisco TelePresence Server
running on the remote host is affected by a denial of service
vulnerability in the HTTP parsing engine due to improper handling of
specially crafted URLs. An unauthenticated, remote attacker can
exploit this, via multiple URL requests, to exhaust memory resources,
resulting in a denial of service condition.");
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts1
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f4b93acb");
  script_set_attribute(attribute:"see_also", value:"https://tools.cisco.com/bugsearch/bug/CSCuv47565");
  script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID
CSCuv47565.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-6313");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/04/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/04/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/04/15");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:cisco:telepresence_server_software");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:cisco:telepresence_server_7010");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:cisco:telepresence_server_mse_8710");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:cisco:telepresence_server_on_multiparty_media_310");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:cisco:telepresence_server_on_multiparty_media_320");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:cisco:telepresence_server_on_multiparty_media_820");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:cisco:telepresence_server_on_virtual_machine");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("cisco_telepresence_server_detect.nasl");
  script_require_keys("Cisco/TelePresence_Server/Version", "Cisco/TelePresence_Server/Model");

  exit(0);
}

include("audit.inc");
include("cisco_func.inc");

model    = get_kb_item_or_exit("Cisco/TelePresence_Server/Model");
version  = get_kb_item_or_exit("Cisco/TelePresence_Server/Version");

if (
  model =~ "^7010([^0-9]|$)" ||
  model =~ "^8710([^0-9]|$)" ||
  model =~ "^310([^0-9]|$)"  ||
  model =~ "^320([^0-9]|$)"  ||
  "Virtual Machine" >< model
) fix = '4.2(4.18)';
else if (
  model =~ "^820([^0-9]|$)"
) fix = '4.2(3.72)';
else
  audit(AUDIT_HOST_NOT, "a Cisco TelePresence 7010/8710/310/320/820/VM");

# Affects 4.1(2.29) through 4.2(4.17), excluding 820 which is to 4.2(3.72)
if (
  (cisco_gen_ver_compare(a:version, b:'4.1(2.29)') >= 0) &&
  (cisco_gen_ver_compare(a:version, b:fix) < 0)
)
{
  report = '\n  Installed version : ' + version +
           '\n  Fixed version     : ' + fix +
           '\n';
  security_report_v4(port:0, severity:SECURITY_HOLE, extra:report);
}
else audit(AUDIT_INST_VER_NOT_VULN, "Cisco TelePresence Server software", version);