Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Cisco TelePresence Multipoint Control Unit Denial of Service Vulnerability

Cisco-SA-20150217-CVE-2015-0621 · Medium · Published · Updated

A vulnerability in the Cisco TelePresence multipoint control unit (MCU) could allow an unauthenticated, remote attacker to trigger a reload of an affected system. The vulnerability is due to insufficient sanitization of TCP packets. An attacker could exploit this vulnerability by sending a sequence of TCP packets to the affected system. Cisco has confirmed the vulnerability in a security notice and released software updates. To exploit this vulnerability, an attacker may need access to trusted, internal networks behind a firewall to send a sequence of TCP packets to the targeted system. This access requirement may reduce the likelihood of a successful exploit. Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.

Cisco advisory · CSAF JSON

Workarounds

Administrators are advised to apply the appropriate updates.

Administrators are advised to allow only trusted users to have network access.

Administrators may consider using IP-based access control lists (ACLs) to allow only trusted systems to access the affected systems.

Administrators can help protect affected systems from external attacks by using a solid firewall strategy.

Administrators are advised to monitor affected systems.

CVEsCVE-2015-0621
Cisco Bug IDsCSCur50347
CVSS ScoreBase 5.4
Base 5.4 AV:N/AC:H/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C
Product Names From Source
Cisco TelePresence MCU Software

Related Products

Product CVE Evidence
Cisco TelePresence MCU Software CVE-2015-0621 Cisco OpenVuln
Cisco TelePresence CVE-2015-0621 Cisco OpenVuln