CVE-2013-1176

Published Apr 18, 2013

Last updated 3 months ago

CVSS info 7.1

Overview

Description: The DSP card on Cisco TelePresence MCU 4500 and 4501 devices before 4.3(2.30), TelePresence MCU MSE 8510 devices before 4.3(2.30), and TelePresence Server before 2.3(1.55) does not properly validate H.264 data, which allows remote attackers to cause a denial of service (device reload) via crafted RTP packets in a (1) SIP session or (2) H.323 session, aka Bug IDs CSCuc11328 and CSCub05448.
Source: ykramarz@cisco.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.1
Impact score: 6.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:N/A:C

Weaknesses

nvd@nist.gov: CWE-20

Hype score: Not currently trending

Evaluator

Comment: -
Impact: Per: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130417-tpi 'Vulnerable Products The following Cisco TelePresence Infrastructure products are affected by this vulnerability: Cisco TelePresence MCU 4501 Series, MCU 4500 Series and Cisco TelePresence MCU MSE 8510 versions 4.3(2.18) and earlier Cisco TelePresence Server versions 2.2(1.54) and earlier'
Solution: Per: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130417-tpi 'Vulnerable Products The following Cisco TelePresence Infrastructure products are affected by this vulnerability: Cisco TelePresence MCU 4501 Series, MCU 4500 Series and Cisco TelePresence MCU MSE 8510 versions 4.3(2.18) and earlier Cisco TelePresence Server versions 2.2(1.54) and earlier'

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_mcu_4500_series_software:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5E8F4FBB-E964-4321-AB35-E16ABA3F5034",
            "versionEndIncluding": "4.3\\(2.18\\)"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_mcu_4500_series_software:4.1\\(1.51\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "795D8FB0-600A-4EF1-B97E-55B526AA5505"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_mcu_4500_series_software:4.1\\(1.59\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FFEEEBC8-9B0D-4B17-827A-FBEA7643AB86"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_mcu_4500_series_software:4.2\\(1.43\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "124EDEE8-9515-4178-AFC0-B1F2FA34388A"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_mcu_4500_series_software:4.2\\(1.46\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AB48A28E-4BBD-477B-A96B-B99879198583"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_mcu_4500_series_software:4.2\\(1.50\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2C0C6D91-2585-4531-AA86-1DBDE85F6B4D"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_mcu_4500_series_software:4.3\\(1.68\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4D00A572-D5EC-4186-809B-4C66E9147F91"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:telepresence_mcu_4505:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5574D81E-25A1-477A-978C-109D667771A8"
          },
          {
            "criteria": "cpe:2.3:h:cisco:telepresence_mcu_4510:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "96560014-147A-4AE1-A215-E2F04B3AD7C6"
          },
          {
            "criteria": "cpe:2.3:h:cisco:telepresence_mcu_4515:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "72129DF6-D50B-46D8-84EA-95E65D86FF62"
          },
          {
            "criteria": "cpe:2.3:h:cisco:telepresence_mcu_4520:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "11C64580-60FB-40CB-968A-1737E59A1E6F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_mcu_4501_series_software:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "57751069-E382-4004-8B76-5296243F43A7",
            "versionEndIncluding": "4.3\\(2.18\\)"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_mcu_4501_series_software:4.1\\(1.51\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A667D636-560E-4CED-864E-B23AEC62C1F2"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_mcu_4501_series_software:4.1\\(1.59\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F3A8B1D8-1CF0-4B3B-A9C9-581199F24588"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_mcu_4501_series_software:4.2\\(1.43\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7E57DAE9-4E29-4585-AEE5-B4806A9429AA"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_mcu_4501_series_software:4.2\\(1.46\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "053A2E65-8427-43DE-B126-744EDCE7767A"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_mcu_4501_series_software:4.2\\(1.50\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "67BEE259-94FF-4C6C-8881-D39B44C241CD"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_mcu_4501_series_software:4.3\\(1.68\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "41C17A23-E669-4D11-AC8F-ACBBC7D94A0B"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:telepresence_mcu_4501:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2B739B1A-89D5-48EF-829E-E52AF298D840"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_mcu_mse_series_software:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E55AE599-11DB-4688-A384-D11CC31247A1",
            "versionEndIncluding": "4.3\\(2.18\\)"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_mcu_mse_series_software:4.1\\(1.51\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3494A9FA-2470-4A8D-A2ED-40A8711961F3"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_mcu_mse_series_software:4.1\\(1.59\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BC10B558-661C-4AB8-97C8-7CE6FDBD6262"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_mcu_mse_series_software:4.2\\(1.43\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5112E0B4-690D-4159-A1A8-7078FACF25BE"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_mcu_mse_series_software:4.2\\(1.46\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CADE4238-16ED-4D5C-AD8A-EFB63511E034"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_mcu_mse_series_software:4.2\\(1.50\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C33BCB3F-9C7F-478A-BC9B-BD6935FF2E64"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_mcu_mse_series_software:4.3\\(1.68\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1BC9217A-F120-4811-B854-3DDA58E27FF2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:telepresence_mcu_mse_8510:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "738ED7C7-98D6-4BD5-9115-48405F350CC9"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_server_software:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "77E008F3-B240-4699-A7E2-6E3BD1C87812",
            "versionEndIncluding": "2.2\\(1.54\\)"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_server_software:2.1\\(1.33\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4987F125-01CF-4D17-AF4C-E1F4BB977039"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_server_software:2.1\\(1.37\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EB6EAFBB-5B0A-43E0-A7A7-8B2C17033301"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_server_software:2.2\\(1.43\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B029054E-5575-40DA-B9C0-C45A0E938D8E"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:telepresence_server_7010:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "983E3CC5-7B3A-467A-A482-0D19792CB55E"
          },
          {
            "criteria": "cpe:2.3:h:cisco:telepresence_server_mse_8710:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "411829A8-56C6-4851-8063-97F03C7B66B2"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Evaluator

Configurations

References