Vulnslist


Cisco Digital Content Manager Message Processing Denial of Service Vulnerability

Cisco-SA-20150701-CVE-2015-4228 · Medium · Published · Updated

A vulnerability in Cisco Digital Content Manager (DCM) could allow an unauthenticated, remote attacker to crash the system mainboard.

The vulnerability is due to the DCM receiving malformed ad messages from the ad server, which could trigger a system reboot. An attacker could exploit this vulnerability by sending malicious ad messages to the DCM. A successful exploit could cause the system to reboot, resulting in a denial of service (DoS) condition. Cisco has confirmed the vulnerability and released software updates.

To exploit this vulnerability, the attacker must obtain information about the operating environment and the system must be configured in a way rarely seen in practice. The attacker may use social engineering techniques to attempt to obtain information about the operating environment in which the targeted system resides.

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.

Workarounds

Administrators are advised to apply the appropriate updates.

Administrators are advised to allow only trusted users to have network access.

Administrators are advised to monitor affected systems.

CVEs: CVE-2015-4228
Cisco Bug IDs: CSCur13999
CVSS Score: Base 5.4 (AV:N/AC:H/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C)
Product Names From Source: Cisco Digital Content Manager (DCM) Software

Related Products

Product | CVE | Evidence
Cisco Digital Content Manager (DCM) Software | CVE-2015-4228 | Cisco OpenVuln