CVE-2015-6284

Buffer overflow in the Conference Control Protocol API implementation in Cisco TelePresence Server software before 4.1(2.33) on 7010, MSE 8710, Multiparty Media 310 and 320, and Virtual Machine devices allows remote attackers to cause a denial of service (device crash) via a crafted URL, aka Bug ID CSCuu28277.

CVSS v2.0 7.8 HIGH

7.8^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-tps	Vendor Advisory
http://www.securitytracker.com/id/1033580	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:cisco:telepresence_server_software:3.1\(1.98\):::::::*
	cpe:2.3:a:cisco:telepresence_server_software:3.1\(1.97\):::::::*
	cpe:2.3:a:cisco:telepresence_server_software:3.1\(1.96\):::::::*
	cpe:2.3:a:cisco:telepresence_server_software:3.1\(1.95\):::::::*
	cpe:2.3:a:cisco:telepresence_server_software:3.0\(2.24\):::::::*
	cpe:2.3:a:cisco:telepresence_server_software:3.0\(2.48\):::::::*
	cpe:2.3:a:cisco:telepresence_server_software:3.1\(1.80\):::::::*
	cpe:2.3:a:cisco:telepresence_server_software:4.0\(2.8\):::::::*
	cpe:2.3:a:cisco:telepresence_server_software:2.3\(1.55\):::::::*
	cpe:2.3:a:cisco:telepresence_server_software:2.3\(1.57\):::::::*
	cpe:2.3:a:cisco:telepresence_server_software:3.0\(2.46\):::::::*
	cpe:2.3:a:cisco:telepresence_server_software:3.1\(1.82\):::::::*
	cpe:2.3:a:cisco:telepresence_server_software:4.0\(1.57\):::::::*
	cpe:2.3:a:cisco:telepresence_server_software:4.1\(1.79\):::::::*
	cpe:2.3:a:cisco:telepresence_server_software:3.0\(2.49\):::::::*

OR	cpe:2.3:h:cisco:telepresence_server_on_virtual_machine:-:::::::*
	cpe:2.3:h:cisco:telepresence_server_7010:-:::::::*
	cpe:2.3:h:cisco:telepresence_server_mse_8710:-:::::::*
	cpe:2.3:h:cisco:telepresence_server_on_multiparty_media_310:-:::::::*
	cpe:2.3:h:cisco:telepresence_server_on_multiparty_media_320:-:::::::*

Information

Published : 2015-09-20 07:59

Updated : 2016-12-29 05:15

NVD link : CVE-2015-6284

Mitre link : CVE-2015-6284

JSON object : View

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Products Affected

cisco

telepresence_server_on_multiparty_media_310
telepresence_server_software
telepresence_server_on_virtual_machine
telepresence_server_7010
telepresence_server_on_multiparty_media_320
telepresence_server_mse_8710

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-tps", "name": "20150916 Cisco TelePresence Server Denial of Service Vulnerability", "tags": ["Vendor Advisory"], "refsource": "CISCO"}, {"url": "http://www.securitytracker.com/id/1033580", "name": "1033580", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "SECTRACK"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Buffer overflow in the Conference Control Protocol API implementation in Cisco TelePresence Server software before 4.1(2.33) on 7010, MSE 8710, Multiparty Media 310 and 320, and Virtual Machine devices allows remote attackers to cause a denial of service (device crash) via a crafted URL, aka Bug ID CSCuu28277."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-119"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2015-6284", "ASSIGNER": "psirt@cisco.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "severity": "HIGH", "impactScore": 6.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2015-09-20T14:59Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:cisco:telepresence_server_software:3.1\\(1.98\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:telepresence_server_software:3.1\\(1.97\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:telepresence_server_software:3.1\\(1.96\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:telepresence_server_software:3.1\\(1.95\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:telepresence_server_software:3.0\\(2.24\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:telepresence_server_software:3.0\\(2.48\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:telepresence_server_software:3.1\\(1.80\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:telepresence_server_software:4.0\\(2.8\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:telepresence_server_software:2.3\\(1.55\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:telepresence_server_software:2.3\\(1.57\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:telepresence_server_software:3.0\\(2.46\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:telepresence_server_software:3.1\\(1.82\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:telepresence_server_software:4.0\\(1.57\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:telepresence_server_software:4.1\\(1.79\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:telepresence_server_software:3.0\\(2.49\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:cisco:telepresence_server_on_virtual_machine:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:telepresence_server_7010:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:telepresence_server_mse_8710:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:telepresence_server_on_multiparty_media_310:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:telepresence_server_on_multiparty_media_320:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2016-12-29T13:15Z"}

7.8 /10