Vulnerability Details : CVE-2015-0652
The Session Description Protocol (SDP) implementation in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway before X8.2 and Cisco TelePresence Conductor before XC2.4 allows remote attackers to cause a denial of service (mishandled exception and device reload) via a crafted media description, aka Bug IDs CSCus96593 and CSCun73192.
Vulnerability category: Denial of service
Products affected by CVE-2015-0652
- cpe:2.3:a:cisco:telepresence_video_communication_server_software:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:expressway_software:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_conductor:*:prealpha0:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-0652
0.43%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 61 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-0652
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.8
|
HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C |
10.0
|
6.9
|
NIST |
CWE ids for CVE-2015-0652
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-0652
-
http://www.securitytracker.com/id/1031910
Cisco TelePresence VCS and Conductor SDP Processing Flaw Lets Remote Users Deny Service and Authentication Flaw Lets Remote Users Access the System - SecurityTracker
-
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150311-vcs
Multiple Vulnerabilities in Cisco TelePresence Video Communication Server, Cisco Expressway, and Cisco TelePresence ConductorVendor Advisory
Jump to