CVE-2015-6313 : Cisco TelePresence Server 4.1(2.29) through 4.2(4.17) on 7010; Mobility Services

Cisco TelePresence Server 4.1(2.29) through 4.2(4.17) on 7010; Mobility Services Engine (MSE) 8710; Multiparty Media 310, 320, and 820; and Virtual Machine (VM) devices allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted HTTP requests that are not followed by an unspecified negotiation, aka Bug ID CSCuv47565.

Published 2016-04-06 23:59:01

Updated 2025-04-12 10:46:41

Source Cisco Systems, Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2015-6313

SUN » Opensolaris » Version: Snv 124 Sparc Edition
cpe:2.3:o:sun:opensolaris:snv_124:*:sparc:*:*:*:*:*
Matching versions
When used together with: Cisco » Telepresence Server 7010 » Version: N/A
When used together with: Cisco » Telepresence Server Mse 8710 » Version: N/A
When used together with: Cisco » Telepresence Server On Multiparty Media 310 » Version: N/A
When used together with: Cisco » Telepresence Server On Multiparty Media 320 » Version: N/A
When used together with: Cisco » Telepresence Server On Multiparty Media 820 » Version: N/A
When used together with: Cisco » Telepresence Server On Virtual Machine » Version: N/A
Zyxel » Gs1900-10hp Firmware
Versions before (<) 2.50\(aazi.0\)c0
cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Telepresence Server 7010 » Version: N/A
When used together with: Cisco » Telepresence Server Mse 8710 » Version: N/A
When used together with: Cisco » Telepresence Server On Multiparty Media 310 » Version: N/A
When used together with: Cisco » Telepresence Server On Multiparty Media 320 » Version: N/A
When used together with: Cisco » Telepresence Server On Multiparty Media 820 » Version: N/A
When used together with: Cisco » Telepresence Server On Virtual Machine » Version: N/A
Zzinc » Keymouse Firmware » Version: 3.08 For Windows
cpe:2.3:o:zzinc:keymouse_firmware:3.08:*:*:*:*:windows:*:*
Matching versions
When used together with: Cisco » Telepresence Server 7010 » Version: N/A
When used together with: Cisco » Telepresence Server Mse 8710 » Version: N/A
When used together with: Cisco » Telepresence Server On Multiparty Media 310 » Version: N/A
When used together with: Cisco » Telepresence Server On Multiparty Media 320 » Version: N/A
When used together with: Cisco » Telepresence Server On Multiparty Media 820 » Version: N/A
When used together with: Cisco » Telepresence Server On Virtual Machine » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2015-6313

EPSS FAQ

0.54%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 65 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2015-6313

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.8	HIGH	AV:N/AC:L/Au:N/C:N/I:N/A:C	10.0	6.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete
7.5	HIGH	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2015-6313

CWE-399

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-6313

http://www.securitytracker.com/id/1035501

Cisco TelePresence HTTP Parsing Bug Lets Remote Users Consume Excessive Memory Resources - SecurityTracker
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts1

Cisco TelePresence Server Crafted URL Handling Denial of Service Vulnerability
Vendor Advisory

Jump to

Vulnerability Details : CVE-2015-6313

Products affected by CVE-2015-6313

Exploit prediction scoring system (EPSS) score for CVE-2015-6313

CVSS scores for CVE-2015-6313

CWE ids for CVE-2015-6313

References for CVE-2015-6313