CVE-2013-1176

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2013-1176
The DSP card on Cisco TelePresence MCU 4500 and 4501 devices before 4.3(2.30), TelePresence MCU MSE 8510 devices before 4.3(2.30), and TelePresence Server before 2.3(1.55) does not properly validate H.264 data, which allows remote attackers to cause a denial of service (device reload) via crafted RTP packets in a (1) SIP session or (2) H.323 session, aka Bug IDs CSCuc11328 and CSCub05448.

7.1 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:C

Exploitability : 8.6 / Impact : 6.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References
Link Resource
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130417-tpi
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:cisco:telepresence_mcu_4500_series_software:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_mcu_4500_series_software:4.1\(1.51\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_mcu_4500_series_software:4.1\(1.59\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_mcu_4500_series_software:4.2\(1.43\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_mcu_4500_series_software:4.2\(1.46\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_mcu_4500_series_software:4.2\(1.50\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_mcu_4500_series_software:4.3\(1.68\):*:*:*:*:*:*:*
OR cpe:2.3:h:cisco:telepresence_mcu_4505:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:telepresence_mcu_4510:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:telepresence_mcu_4515:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:telepresence_mcu_4520:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:a:cisco:telepresence_mcu_4501_series_software:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_mcu_4501_series_software:4.1\(1.51\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_mcu_4501_series_software:4.1\(1.59\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_mcu_4501_series_software:4.2\(1.43\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_mcu_4501_series_software:4.2\(1.46\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_mcu_4501_series_software:4.2\(1.50\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_mcu_4501_series_software:4.3\(1.68\):*:*:*:*:*:*:*
cpe:2.3:h:cisco:telepresence_mcu_4501:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:a:cisco:telepresence_mcu_mse_series_software:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_mcu_mse_series_software:4.1\(1.51\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_mcu_mse_series_software:4.1\(1.59\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_mcu_mse_series_software:4.2\(1.43\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_mcu_mse_series_software:4.2\(1.46\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_mcu_mse_series_software:4.2\(1.50\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_mcu_mse_series_software:4.3\(1.68\):*:*:*:*:*:*:*
cpe:2.3:h:cisco:telepresence_mcu_mse_8510:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
OR cpe:2.3:a:cisco:telepresence_server_software:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_server_software:2.1\(1.33\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_server_software:2.1\(1.37\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_server_software:2.2\(1.43\):*:*:*:*:*:*:*
OR cpe:2.3:h:cisco:telepresence_server_7010:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:telepresence_server_mse_8710:-:*:*:*:*:*:*:*
History

No history.

Information

Published : 2013-04-18 18:55

Updated : 2013-04-19 04:00

NVD link : CVE-2013-1176

Mitre link : CVE-2013-1176

CVE.ORG link : CVE-2013-1176

JSON object : View

Products Affected

cisco

  • telepresence_mcu_mse_8510
  • telepresence_mcu_4501_series_software
  • telepresence_mcu_mse_series_software
  • telepresence_server_7010
  • telepresence_mcu_4515
  • telepresence_mcu_4510
  • telepresence_mcu_4520
  • telepresence_mcu_4501
  • telepresence_server_mse_8710
  • telepresence_mcu_4505
  • telepresence_server_software
  • telepresence_mcu_4500_series_software
CWE
CWE-20

Improper Input Validation