CVE-2015-0652

EPSS 0.43%
Veröffentlicht 13.03.2015 01:59:31
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle psirt@cisco.com
Teams Watchlist Login
Unerledigt Login

The Session Description Protocol (SDP) implementation in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway before X8.2 and Cisco TelePresence Conductor before XC2.4 allows remote attackers to cause a denial of service (mishandled exception and device reload) via a crafted media description, aka Bug IDs CSCus96593 and CSCun73192.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Expressway Software Version <= x8.1.1

Cisco ≫ Telepresence Conductor Updateprealpha0 Version <= xc2.4

Cisco ≫ Telepresence Video Communication Server Software Version <= x8.1.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.43%	0.612

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	10	6.9	AV:N/AC:L/Au:N/C:N/I:N/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150311-vcs

Vendor Advisory

http://www.securitytracker.com/id/1031910

https://nvd.nist.gov/vuln/detail/CVE-2015-0652

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-0652

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-0652

EUVD