CiscoCISCO-SA-20141015-MCUCisco TelePresence MCU Software Memory Exhaustion Vulnerability
7.8 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.007 Low
EPSS
Percentile
80.0%
A vulnerability in the network stack of Cisco TelePresence MCU Software
could allow an unauthenticated, remote attacker to cause the exhaustion
of available memory which could lead to system instability and a
reload of the affected system.
Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.
This advisory is available at the following link:
Note: This security advisory does not provide information about
the GNU Bash Environment Variable Command Injection Vulnerability (also known as Shellshock).
For additional information regarding Cisco products affected by this
vulnerability, refer to the Cisco Security Advisory at the following
link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash”]
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| cisco telepresence mcu software | eq | any | |
| cisco telepresence mcu software | eq | any |
Related
7.8 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.007 Low
EPSS
Percentile
80.0%