Lucene search

CiscoCISCO-SA-20140319-CVE-2014-2122

HistoryMar 19, 2014 - 3:38 p.m.

Cisco Hosted Collaboration Solution Memory Leak Vulnerability

2014-03-1915:38:01

tools.cisco.com

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.003

Percentile

71.6%

JSON

A vulnerability in the graphical user interface of the Impact server in the Cisco Hosted Collaboration Solution (HCS) could allow an unauthenticated, remote attacker to cause a memory leak.

The vulnerability is due to improper packet processing in the application. An exploit could allow the attacker to create a denial of service (DoS) condition.

Cisco has confirmed the vulnerability in a security notice; however, software updates are not available.

To exploit this vulnerability, an attacker may need access to trusted, internal networks to send crafted packets to a targeted device. This access requirement may reduce the likelihood of a successful exploit.

Affected configurations

Vulners

Node

ciscohosted_collaboration_solutionMatchany

VendorProductVersionCPE
ciscohosted_collaboration_solutionanycpe:2.3:a:cisco:hosted_collaboration_solution:any:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	hosted_collaboration_solution	any	cpe:2.3:a:cisco:hosted_collaboration_solution:any:::::::*

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20140319-CVE-2014-2122

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.003

Percentile

71.6%

JSON

Related for CISCO-SA-20140319-CVE-2014-2122