7.8 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.012 Low
EPSS
Percentile
85.3%
A vulnerability in Cisco TelePresence Server devices running software versions 4.1(2.29) through 4.2(4.17) could allow an unauthenticated, remote attacker to cause the device to reload.
The vulnerability exists due to a failure of the HTTP parsing engine to handle specially crafted URLs. An attacker could exploit this vulnerability by sending multiple URL requests to an affected device. The requests will eventually time out because negotiation from the client does not occur; however, each request consumes additional memory, resulting in memory exhaustion that causes the device to crash. If successful, the attacker could utilize all available memory resources, causing the device to reload.
Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.
This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts1[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts1”]
CPE | Name | Operator | Version |
---|---|---|---|
cisco telepresence server software | eq | any | |
cisco telepresence server software | eq | any |
7.8 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.012 Low
EPSS
Percentile
85.3%