Vulnerability CVE-2013-1176


Published: 2013-04-18

Description:
The DSP card on Cisco TelePresence MCU 4500 and 4501 devices before 4.3(2.30), TelePresence MCU MSE 8510 devices before 4.3(2.30), and TelePresence Server before 2.3(1.55) does not properly validate H.264 data, which allows remote attackers to cause a denial of service (device reload) via crafted RTP packets in a (1) SIP session or (2) H.323 session, aka Bug IDs CSCuc11328 and CSCub05448.

Type:

CWE-20

(Improper Input Validation)

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.1/10
6.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete
Affected software
Cisco -> Telepresence mcu 4500 series software 
Cisco -> Telepresence mcu 4501 series software 
Cisco -> Telepresence mcu mse series software 
Cisco -> Telepresence server software 
Cisco -> Telepresence mcu 4501 
Cisco -> Telepresence mcu 4505 
Cisco -> Telepresence mcu 4510 
Cisco -> Telepresence mcu 4515 
Cisco -> Telepresence mcu 4520 
Cisco -> Telepresence mcu mse 8510 
Cisco -> Telepresence server 7010 
Cisco -> Telepresence server mse 8710 

 References:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130417-tpi

Copyright 2024, cxsecurity.com

 

Back to Top