Vulnslist


Multiple Vulnerabilities in Cisco TelePresence Video Communication Server, Cisco Expressway, and Cisco TelePresence Conductor

cisco-sa-20150311-vcs · Critical · Published · Updated

Cisco TelePresence Video Communication Server (VCS), Cisco Expressway and Cisco TelePresence Conductor contain the following vulnerabilities:

- SDP Media Description Denial of Service Vulnerability
- Authentication Bypass Vulnerability

Successful exploitation of the SDP Media Description Denial of Service Vulnerability may cause the affected system to reload. Successful exploitation of the Authentication Bypass Vulnerability may allow an attacker to bypass authentication and log in to the system with the privileges of an administrator.

Cisco has released software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are not available.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150311-vcs


Workarounds

There are no workarounds that mitigate the vulnerabilities described in this advisory.

Additional mitigations that can be deployed on Cisco devices within the
network are available in the Cisco Applied Intelligence companion
document for this advisory:

http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=37541


CVEs: CVE-2015-0652, CVE-2015-0653
Cisco Bug IDs: CSCun73192, CSCur02680, CSCur05556, CSCus96593
CVSS Score: Base 7.8
Base 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C
Base 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C
Product Names From Source: Cisco TelePresence Video Communication Server (VCS), Cisco Expressway, Cisco Telepresence Conductor

Related Products

| Product | CVE | Evidence |
|---|---|---|
| Cisco Telepresence Conductor | CVE-2015-0653 | Cisco OpenVuln |
| Cisco Telepresence Conductor | CVE-2015-0652 | Cisco OpenVuln |
| Cisco TelePresence Video Communication Server (VCS) | CVE-2015-0653 | Cisco OpenVuln |
| Cisco TelePresence Video Communication Server (VCS) | CVE-2015-0652 | Cisco OpenVuln |
| Cisco TelePresence | CVE-2015-0653 | Cisco OpenVuln |
| Cisco TelePresence | CVE-2015-0652 | Cisco OpenVuln |
| Cisco Expressway | CVE-2015-0653 | Cisco OpenVuln |
| Cisco Expressway | CVE-2015-0652 | Cisco OpenVuln |