CVE-2015-0652

EPSS 0.43%
Published 13.03.2015 01:59:31
Last modified 12.04.2025 10:46:40
Source psirt@cisco.com
Teams watchlist Login
Open Login

The Session Description Protocol (SDP) implementation in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway before X8.2 and Cisco TelePresence Conductor before XC2.4 allows remote attackers to cause a denial of service (mishandled exception and device reload) via a crafted media description, aka Bug IDs CSCus96593 and CSCun73192.

Affected products Warnungen 0 Metrics 2 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Expressway Software Version <= x8.1.1

Cisco ≫ Telepresence Conductor Updateprealpha0 Version <= xc2.4

Cisco ≫ Telepresence Video Communication Server Software Version <= x8.1.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.43%	0.612

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	10	6.9	AV:N/AC:L/Au:N/C:N/I:N/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150311-vcs

Vendor Advisory

http://www.securitytracker.com/id/1031910

https://nvd.nist.gov/vuln/detail/CVE-2015-0652

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-0652

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-0652

EUVD