Cisco TelePresence Management Suite SNMP Denial of Service Vulnerability

2013-04-30T20:37:02
ID CISCO-SA-20130430-CVE-2013-1229
Type cisco
Reporter Cisco
Modified 2013-04-30T20:36:53

Description

A vulnerability in the 64-bit SNMP server of Cisco TelePresence Management Suite (TMS) could allow an unauthenticated, remote attacker to terminate the TMSSNMPService.exe process.

The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by sending SNMP traps to a 64-bit TMS server. An exploit could allow the attacker to cause a partial denial of service condition.

Cisco has confirmed the vulnerability in a security notice and software updates are available.

To exploit the vulnerability, an attacker would likely need access to trusted, internal networks to send crafted SNMP traps to the targeted system. This access requirement may reduce the likelihood of a successful attack.

Customers are advised to review the bug reports in the Vendor Announcements section for a current list of affected versions.

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.