Cisco-SA-20130701-CVE-2013-3401

Cisco TC Software SIP Implementation Vulnerability

Cisco-SA-20130701-CVE-2013-3401 · Medium · Published 12 years ago · Updated 12 years ago

A vulnerability in the Session Initiation Protocol (SIP) implementation used in TC Software could allow an unauthenticated, remoteattacker to cause an endpoint to process unintended SIP NOTIFY messages. The vulnerability is due to errors in the SIP implementation. An attacker could exploit this vulnerability to cause the generation of unintended NOTIFY messages that may affect the integrity of communications. Cisco has confirmed this vulnerability in a security notice and software updates are available. To exploit this vulnerability, an attacker would likely need access to trusted, internal networks in which the targeted device may reside. This access requirement decreases the likelihood of a successful exploit. Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.

Cisco advisory · CSAF JSON

Workarounds

Administrators are advised to apply the appropriate updates.

Administrators are advised to allow only trusted users to have network access.

Administrators are advised to allow only privileged users to access administration or management systems.

Administrators are advised to apply the appropriate updates.

CVEs	CVE-2013-3401
Cisco Bug IDs	CSCud96080
CVSS Score	Base 4.3 Base 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N/E:F/RL:OF/RC:C
Product Names From Source	Cisco TelePresence TC Software

Related Products

Product	CVE	Evidence
Cisco TelePresence TC Software	CVE-2013-3401	Cisco OpenVuln
Cisco TelePresence	CVE-2013-3401	Cisco OpenVuln

Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Cisco TC Software SIP Implementation Vulnerability

Workarounds

Related Products