CVE-2015-0652

2015-03-1301:59:31

CWE-20

[email protected]

web.nvd.nist.gov

cisco

telepresence

vcs

expressway

sdp

dos

cve-2015-0652

nvd

cisco telepresence conductor

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

6.6 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

56.2%

JSON

The Session Description Protocol (SDP) implementation in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway before X8.2 and Cisco TelePresence Conductor before XC2.4 allows remote attackers to cause a denial of service (mishandled exception and device reload) via a crafted media description, aka Bug IDs CSCus96593 and CSCun73192.

Affected configurations

NVD

Node

ciscoexpressway_softwareRange≤x8.1.1

ciscotelepresence_conductorRange≤xc2.4prealpha0

ciscotelepresence_video_communication_server_softwareRange≤x8.1.1

CPENameOperatorVersion
cisco:expressway_softwarecisco expressway softwarelex8.1.1
cisco:telepresence_conductorcisco telepresence conductorlexc2.4
cisco:telepresence_video_communication_server_softwarecisco telepresence video communication server softwarelex8.1.1

CPE	Name	Operator	Version
cisco:expressway_software	cisco expressway software	le	x8.1.1
cisco:telepresence_conductor	cisco telepresence conductor	le	xc2.4
cisco:telepresence_video_communication_server_software	cisco telepresence video communication server software	le	x8.1.1