
Cisco TelePresence System t-shell Denial of Service Vulnerability

Cisco-SA-20130529-CVE-2013-1246 · Medium

A vulnerability in the t-shell implementation of Cisco TelePresence System Software could allow an authenticated, remote attacker to exhaust the available memory and create a denial of service (DoS) condition. The vulnerability is due to improper handling of orphaned t-shell sessions. An attacker could exploit this vulnerability by opening several Secure Shell (SSH) sessions with the affected system. An exploit could allow the attacker to consume available memory, so the affected system may become unreachable and unable to function properly. A hard reboot is needed to restore complete functionality.

To exploit this vulnerability, the attacker must authenticate to a targeted system. This access requirement limits the possibility of a successful exploit. Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.

Cisco has confirmed the vulnerability in a Security Notice, and software updates are available. Customers are advised to review the bug report in the "Vendor Announcements" section for a current list of affected versions.


Workarounds

Administrators are advised to apply the appropriate updates.

Administrators are advised to allow only trusted users to have network access.

Administrators are advised to allow only privileged users to access administration or management systems.

Administrators are advised to monitor affected systems.

CVEs: CVE-2013-1246
Cisco Bug IDs: CSCug77610
CVSS Score: Base 6.8 (AV:N/AC:L/Au:S/C:N/I:N/A:C/E:F/RL:OF/RC:C)
Product Names From Source: Cisco TelePresence System Software

Related Products

Product | CVE | Evidence
Cisco TelePresence System Software | CVE-2013-1246 | Cisco OpenVuln
Cisco TelePresence | CVE-2013-1246 | Cisco OpenVuln