Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Cisco TelePresence Server Malformed STUN Packet Processing Denial of Service Vulnerability

cisco-sa-20160406-cts2 · High · Published · Updated

A vulnerability in Cisco TelePresence Server devices running software version 3.1 could allow an unauthenticated, remote attacker to reload the device. The vulnerability exists due to a failure to properly process malformed Session Traversal Utilities for NAT (STUN) packets. An attacker could exploit this vulnerability by submitting malformed STUN packets to the device. If successful, the attacker could force the device to reload and drop all calls in the process. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts2

Cisco advisory · CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEsCVE-2015-6312
Cisco Bug IDsCSCuv01348
CVSS ScoreBase 7.8
Base 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C
Product Names From Source
Cisco TelePresence Server Software, Cisco TelePresence Server

Related Products

Product CVE Evidence
Cisco TelePresence Server Software CVE-2015-6312 Cisco OpenVuln
Cisco TelePresence Server CVE-2015-6312 Cisco OpenVuln
Cisco TelePresence CVE-2015-6312 Cisco OpenVuln