Cisco TelePresence Server Denial of Service Vulnerability
2015-09-16T16:00:00
ID CISCO-SA-20150916-TPS Type cisco Reporter Cisco Modified 2015-09-16T14:23:05
Description
A vulnerability in the Conference Control Protocol API of Cisco TelePresence Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
The vulnerability is likely to result in only a DoS condition due to input sanitization performed on the user-supplied data before it is copied into the affected buffer. An attacker could exploit this vulnerability by providing a crafted URL that is designed to trigger the overflow condition.
Cisco TelePresence Server contains a buffer overflow vulnerability in the Conference Control Protocol API that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
Cisco has released software updates that address this vulnerability. No workarounds that mitigate this vulnerability are available.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-tps ["http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-tps"]
{"id": "CISCO-SA-20150916-TPS", "hash": "0727e35326fccfac3db9fd770e8e4b65", "type": "cisco", "bulletinFamily": "software", "title": "Cisco TelePresence Server Denial of Service Vulnerability", "description": "A vulnerability in the Conference Control Protocol API of Cisco TelePresence Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.\n\nThe vulnerability is likely to result in only a DoS condition due to input sanitization performed on the user-supplied data before it is copied into the affected buffer. An attacker could exploit this vulnerability by providing a crafted URL that is designed to trigger the overflow condition.\n\nCisco TelePresence Server contains a buffer overflow vulnerability in the Conference Control Protocol API that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.\n\nCisco has released software updates that address this vulnerability. No workarounds that mitigate this vulnerability are available.\n\nThis advisory is available at the following link:\nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-tps [\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-tps\"]", "published": "2015-09-16T16:00:00", "modified": "2015-09-16T14:23:05", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-tps", "reporter": "Cisco", "references": ["http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-tps"], "cvelist": ["CVE-2015-6284"], "lastseen": "2018-04-07T12:12:13", "history": [{"differentElements": ["description"], "bulletin": {"published": "2015-09-16T16:00:00", "enchantments": {"score": {"value": 4.0, "modified": "2017-09-26T15:33:39", "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N/"}}, "id": "CISCO-SA-20150916-TPS", "objectVersion": "1.4", "title": "Cisco TelePresence Server Denial of Service Vulnerability", "bulletinFamily": "software", "viewCount": 0, "reporter": "Cisco", "references": ["http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-tps"], "affectedSoftware": [{"version": "any", "operator": "eq", "name": "Cisco TelePresence Server Software"}], "type": "cisco", "history": [], "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "description": "A vulnerability in the Conference Control Protocol API of Cisco TelePresence Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.\n\nThe vulnerability is likely to result in only a DoS condition due to input sanitization performed on the user-supplied data before it is copied into the affected buffer. An attacker could exploit this vulnerability by providing a crafted URL that is designed to trigger the overflow condition.\n\nCisco TelePresence Server contains a buffer overflow vulnerability in the Conference Control Protocol API that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.\n\nCisco has released software updates that address this vulnerability. No workarounds that mitigate this vulnerability are available.\n\nThis advisory is available at the following link:\n\nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-tps[\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-tps\"]", "cvelist": ["CVE-2015-6284"], "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-tps", "modified": "2015-09-16T14:23:05", "lastseen": "2017-09-26T15:33:39"}, "lastseen": "2017-09-26T15:33:39", "edition": 1}], "viewCount": 2, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}, "vulnersScore": 5.0}, "objectVersion": "1.4", "affectedSoftware": [{"version": "any", "operator": "eq", "name": "Cisco TelePresence Server Software"}], "_object_type": "robots.models.cisco.CiscoBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.cisco.CiscoBulletin"]}
{"cve": [{"lastseen": "2017-04-18T15:57:54", "references": ["http://www.securitytracker.com/id/1033580", "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-tps"], "edition": 2, "description": "Buffer overflow in the Conference Control Protocol API implementation in Cisco TelePresence Server software before 4.1(2.33) on 7010, MSE 8710, Multiparty Media 310 and 320, and Virtual Machine devices allows remote attackers to cause a denial of service (device crash) via a crafted URL, aka Bug ID CSCuu28277.", "reporter": "NVD", "published": "2015-09-20T10:59:02", "title": "CVE-2015-6284", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "cve", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2015-6284"], "scanner": [], "modified": "2016-12-29T08:15:58", "cpe": ["cpe:/a:cisco:telepresence_server_software:3.0%282.49%29", "cpe:/a:cisco:telepresence_server_software:3.1%281.98%29", "cpe:/a:cisco:telepresence_server_software:3.1%281.80%29", "cpe:/a:cisco:telepresence_server_software:2.3%281.55%29", "cpe:/a:cisco:telepresence_server_software:4.1%281.79%29", "cpe:/a:cisco:telepresence_server_software:3.0%282.24%29", "cpe:/a:cisco:telepresence_server_software:3.1%281.95%29", "cpe:/a:cisco:telepresence_server_software:3.0%282.46%29", "cpe:/a:cisco:telepresence_server_software:3.1%281.96%29", "cpe:/a:cisco:telepresence_server_software:3.1%281.97%29", "cpe:/a:cisco:telepresence_server_software:3.1%281.82%29", "cpe:/a:cisco:telepresence_server_software:4.0%281.57%29", "cpe:/a:cisco:telepresence_server_software:4.0%282.8%29", "cpe:/a:cisco:telepresence_server_software:2.3%281.57%29", "cpe:/a:cisco:telepresence_server_software:3.0%282.48%29"], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6284", "id": "CVE-2015-6284", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2018-11-16T16:54:02", "references": ["https://tools.cisco.com/bugsearch/bug/CSCuu28277", "http://www.nessus.org/u?2f991b4a"], "pluginID": "86123", "description": "According to the self-reported version, the Cisco TelePresence Server running on the remote host is affected by a buffer overflow condition in the Conference Control Protocol API due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a crafted URL, to cause a denial of service.", "edition": 6, "reporter": "Tenable", "published": "2015-09-24T00:00:00", "title": "Cisco TelePresence Server Conference Control Protocol API URL Handling DoS (cisco-sa-20150916-tps)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "CISCO", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-6284"], "modified": "2018-11-15T00:00:00", "cpe": ["cpe:/h:cisco:telepresence_server_on_virtual_machine", "cpe:/h:cisco:telepresence_server_on_multiparty_media_310", "cpe:/h:cisco:telepresence_server_7010", "cpe:/h:cisco:telepresence_server_on_multiparty_media_320", "cpe:/h:cisco:telepresence_server_mse_8710", "cpe:/a:cisco:telepresence_server_software"], "id": "CISCO_TELEPRESENCE_SERVER_SA_20150916_TPS.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=86123", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86123);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/11/15 20:50:20\");\n\n script_cve_id(\"CVE-2015-6284\");\n script_bugtraq_id(76758);\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCuu28277\");\n script_xref(name:\"CISCO-SA\", value:\"cisco-sa-20150916-tps\");\n\n script_name(english:\"Cisco TelePresence Server Conference Control Protocol API URL Handling DoS (cisco-sa-20150916-tps)\");\n script_summary(english:\"Checks the software version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by a denial of service vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the self-reported version, the Cisco TelePresence Server\nrunning on the remote host is affected by a buffer overflow condition\nin the Conference Control Protocol API due to improper validation of\nuser-supplied input. An unauthenticated, remote attacker can exploit\nthis, via a crafted URL, to cause a denial of service.\");\n # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-tps\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2f991b4a\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tools.cisco.com/bugsearch/bug/CSCuu28277\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to the relevant fixed version referenced in Cisco bug ID\nCSCuu28277.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/09/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cisco:telepresence_server_software\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:cisco:telepresence_server_7010\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:cisco:telepresence_server_mse_8710\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:cisco:telepresence_server_on_multiparty_media_310\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:cisco:telepresence_server_on_multiparty_media_320\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:cisco:telepresence_server_on_virtual_machine\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CISCO\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"cisco_telepresence_server_detect.nasl\");\n script_require_keys(\"Cisco/TelePresence_Server/Version\", \"Cisco/TelePresence_Server/Model\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"cisco_func.inc\");\n\nmodel = get_kb_item_or_exit(\"Cisco/TelePresence_Server/Model\");\nversion = get_kb_item_or_exit(\"Cisco/TelePresence_Server/Version\");\nfullname = \"Cisco TelePresence \" + model;\n\nfix = '4.1(2.33)';\n\nif (cisco_gen_ver_compare(a:version, b:fix) == -1)\n{\n if (report_verbosity > 0)\n {\n report = '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"Cisco TelePresence Server software\", version);\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2018-10-26T14:41:13", "references": ["http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-tps"], "pluginID": "1361412562310105378", "description": "Cisco TelePresence Server contains a buffer overflow vulnerability in the Conference Control Protocol API that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.", "edition": 8, "reporter": "This script is Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-09-21T00:00:00", "title": "Cisco TelePresence Server Denial of Service Vulnerability ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "CISCO", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-6284"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310105378", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105378", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_cisco_telepresence_server_cisco-sa-20150916-tps.nasl 12106 2018-10-26 06:33:36Z cfischer $\n#\n# Cisco TelePresence Server Denial of Service Vulnerability\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:cisco:telepresence_server_software\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105378\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_version(\"$Revision: 12106 $\");\n script_cve_id(\"CVE-2015-6284\");\n script_name(\"Cisco TelePresence Server Denial of Service Vulnerability \");\n\n script_xref(name:\"URL\", value:\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-tps\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of the buffer overflow vulnerability may result in a crash of the server, resulting in a DoS condition.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This vulnerability is documented in Cisco bug ID CSCuu28277\");\n\n script_tag(name:\"solution\", value:\"Updates are available\");\n\n script_tag(name:\"summary\", value:\"Cisco TelePresence Server contains a buffer overflow vulnerability in the Conference Control Protocol API that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.\");\n\n script_tag(name:\"affected\", value:\"All releases of Cisco TelePresence Server software prior to 4.1(2.33) running on the following products are affected by this vulnerability:\n\nCisco TelePresence Server 7010\n\nCisco TelePresence Server MSE 8710\n\nCisco TelePresence Server on Multiparty Media 310\n\nCisco TelePresence Server on Multiparty Media 320\n\nCisco TelePresence Server on Virtual Machine\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 08:33:36 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-09-21 12:52:46 +0200 (Mon, 21 Sep 2015)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"CISCO\");\n script_copyright(\"This script is Copyright (C) 2015 Greenbone Networks GmbH\");\n script_dependencies(\"gb_cisco_telepresence_server_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"cisco_telepresence_server/installed\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) ) exit( 0 );\n\nif( ! vers = get_app_version( cpe:CPE, port:port ) ) exit( 0 );\nif( ! model = get_kb_item( \"cisco_telepresence_server/model\" ) ) exit( 0 );\n\nif( model !~ '^7010$' && model !~ '^8710$' && model !~ 'Media 3(1|2)0' && model != \"VM\" ) exit( 99 );\n\nfix = '4.1.2.33';\nreport_fix = '4.1(2.33)';\nreport_vers = vers;\n\nvers = str_replace( string:vers, find:\"(\", replace:\".\" );\nvers = str_replace( string:vers, find:\")\", replace:\"\" );\n\nif( version_is_less( version:vers, test_version: fix ) )\n{\n report = 'Installed version: ' + report_vers + '\\n' +\n 'Fixed version: ' + report_fix + '\\n' +\n 'Model: ' + model + '\\n';\n\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:02", "references": [], "description": "Conference Control Protocol API buffer overflow.", "edition": 1, "reporter": "CISCO", "published": "2015-10-12T00:00:00", "title": "Cisco TelePresence Server DoS", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:02", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "TelePresence Server", "version": "4.1", "operator": "eq"}], "cvelist": ["CVE-2015-6284"], "modified": "2015-10-12T00:00:00", "id": "SECURITYVULNS:VULN:14723", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14723", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}]}
