Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2022 Tenable Network Security, Inc.CISCO_TELEPRESENCE_CONDUCTOR_SA_CSCUN73192.NASL
HistoryMar 19, 2015 - 12:00 a.m.

Cisco TelePresence Conductor SDP Media Description Vulnerability

2015-03-1900:00:00
This script is Copyright (C) 2015-2022 Tenable Network Security, Inc.
www.tenable.com
11

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.002 Low

EPSS

Percentile

56.0%

JSON

According to its self-reported version number, the Cisco TelePresence Conductor on the remote host contains an vulnerability related to the Session Description Protocol (SDP) packet handler function. A remote, unauthenticated attacker, using a crafted SDP packet to trigger a reload, can exploit this to cause a denial of service.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(81952);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");

  script_cve_id("CVE-2015-0652");
  script_bugtraq_id(73047);
  script_xref(name:"CISCO-BUG-ID", value:"CSCun73192");
  script_xref(name:"CISCO-SA", value:"cisco-sa-20150311-vcs");

  script_name(english:"Cisco TelePresence Conductor SDP Media Description Vulnerability");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by a denial of service vulnerability.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version number, the Cisco TelePresence
Conductor on the remote host contains an vulnerability related to the
Session Description Protocol (SDP) packet handler function. A remote,
unauthenticated attacker, using a crafted SDP packet to trigger a
reload, can exploit this to cause a denial of service.");
  script_set_attribute(attribute:"see_also", value:"https://tools.cisco.com/bugsearch/bug/CSCun73192");
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150311-vcs
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3ed34af5");
  script_set_attribute(attribute:"solution", value:
"Upgrade to version 2.4 later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/03/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/03/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/19");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:cisco:telepresence_conductor");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2015-2022 Tenable Network Security, Inc.");

  script_dependencies("cisco_telepresence_conductor_detect.nbin");
  script_require_keys("Host/Cisco_TelePresence_Conductor/Version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

prod = "Cisco TelePresence Conductor";
version = get_kb_item_or_exit("Host/Cisco_TelePresence_Conductor/Version");

# XC2.4PreAlpha0 is listed as vuln,
# however it is unclear what such a
# version string would look like;
# omitted for now.
if (
  version =~ "^1(\.|$)"        ||
  version =~ "^2\.[0-3](\.|$)"
)
{
  if (report_verbosity > 0)
  {
    report = '\n  Installed version : ' + version +
             '\n  Fixed versions    : 2.4' +
             '\n';
    security_hole(port:0, extra:report);
  }
  else security_hole(0);
}
else audit(AUDIT_INST_VER_NOT_VULN, prod, version);
VendorProductVersionCPE
ciscotelepresence_conductorcpe:/a:cisco:telepresence_conductor

Related

cve 1
cvelist 1
prion 1
nessus 1
nvd 1
securityvulns 1
cisco 1
cve
cve
CVE-2015-0652
2015-03-13 01:59:31
cvelist
cvelist
CVE-2015-0652
2015-03-13 01:00:00
prion
prion
Session fixation
2015-03-13 01:59:00
nessus
nessus
Cisco TelePresence VCS / Expressway Series < 8.2 SDP Media Description Vulnerability
2015-03-19 00:00:00
nvd
nvd
CVE-2015-0652
2015-03-13 01:59:31
securityvulns
securityvulns
Cisco Telepresence / Cisco Expressway security vulnerabilities
2015-03-16 00:00:00
cisco
cisco
Multiple Vulnerabilities in Cisco TelePresence Video Communication Server, Cisco Expressway, and Cisco TelePresence Conductor
2015-03-11 16:00:00

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.002 Low

EPSS

Percentile

56.0%

JSON
Related for CISCO_TELEPRESENCE_CONDUCTOR_SA_CSCUN73192.NASL
cve1cvelist1prion1nessus1nvd1securityvulns1cisco1