Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Cisco TelePresence Multipoint Switch Media Snapshot Denial of Service Vulnerability

Cisco-SA-20130930-CVE-2013-5516 · Medium · Published · Updated

A vulnerability in the Media Snapshot code of Cisco TelePresence Multipoint Switch (CTMS) could allow an authenticated, remote attacker to cause the reload of the affected system, creating a denial of service (DoS) condition. The vulnerability is due to a failure in handling requests for Media Snapshot while the meeting is terminated. An attacker could exploit this vulnerability by sending continuous requests for Media Snapshot. Cisco has confirmed the vulnerability in a security notice; however, software updates are not available. To exploit this vulnerability, an attacker must be able to send continuous requests to the targeted device, which may reside on trusted, internal networks that the attacker would likely need to access. In addition, the attacker must be able to authenticate to the targeted device. These access requirements may reduce the likelihood of a successful exploit. Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.

Cisco advisory · CSAF JSON

Workarounds

Administrators are advised to contact the vendor regarding future updates and releases.

Administrators are advised to allow only trusted users to have network access.

Administrators may consider using IP-based access control lists (ACLs) to allow only trusted systems to access the affected systems.

Administrators are advised to monitor affected systems.

CVEsCVE-2013-5516
Cisco Bug IDsCSCuh44796
CVSS ScoreBase 6.3
Base 6.3 AV:N/AC:M/Au:S/C:N/I:N/A:C/E:F/RL:U/RC:C
Product Names From Source
Cisco TelePresence Multipoint Switch

Related Products

Product CVE Evidence
Cisco TelePresence Multipoint Switch CVE-2013-5516 Cisco OpenVuln
Cisco TelePresence CVE-2013-5516 Cisco OpenVuln