CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:N/I:N/A:C
EPSS
Percentile
44.4%
A vulnerability in the
t-shell implementation of Cisco TelePresence System Software could allow
an authenticated, remote attacker to exhaust the available
memory and create a denial of service (DoS) condition.
The vulnerability is due to improper handling of orphaned
t-shell sessions. An attacker could exploit this vulnerability
by opening several Secure Shell (SSH) sessions with the affected
system. An exploit could allow the attacker to consume available
memory; therefore, the affected system may become
unreachable and unable to function properly. A hard reboot is
needed to restore complete functionality.
Cisco has confirmed the vulnerability in a Security Notice and software updates are available.
To exploit this vulnerability, the attacker must authenticate to a targeted system. This access requirement limits the possibility of a successful exploit.
Customers are advised to review the bug report in the “Vendor Announcements” section for a current list of affected versions.
Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | telepresence_system_software | any | cpe:2.3:a:cisco:telepresence_system_software:any:*:*:*:*:*:*:* |