Cisco TelePresence MCU Software Memory Exhaustion

high Nessus Plugin ID 78624

Synopsis

The remote device is affected by a flaw that can allow a denial of service via memory exhaustion.

Description

According to the self-reported version, returned by either the SNMP or FTP service running on the remote device, the Cisco TelePresence MCU software is affected by a vulnerability that can allow a remote, unauthenticated attacker to cause a denial of service via memory exhaustion.

Solution

Upgrade to the appropriate software version per the vendor's advisory.

See Also

http://www.nessus.org/u?0066b9a6

https://tools.cisco.com/bugsearch/bug/CSCtz35468

Plugin Details

Severity: High

ID: 78624

File Name: cisco_telepresence_mcu_sa_20141015.nasl

Version: 1.6

Type: remote

Family: CISCO

Published: 10/22/2014

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: cpe:/h:cisco:telepresence_mcu_4203, cpe:/h:cisco:telepresence_mcu_4205, cpe:/h:cisco:telepresence_mcu_4210, cpe:/h:cisco:telepresence_mcu_4215, cpe:/h:cisco:telepresence_mcu_4220, cpe:/h:cisco:telepresence_mcu_4505, cpe:/h:cisco:telepresence_mcu_4510, cpe:/h:cisco:telepresence_mcu_4515, cpe:/h:cisco:telepresence_mcu_4520, cpe:/h:cisco:telepresence_mcu_mse_8420, cpe:/a:cisco:telepresence_mcu_mse_series_software:4.3%282.18%29, cpe:/a:cisco:telepresence_mcu_4500_series_software:4.3%282.18%29

Required KB Items: Cisco/TelePresence_MCU/Device, Cisco/TelePresence_MCU/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 10/15/2014

Vulnerability Publication Date: 10/15/2014

Reference Information

CVE: CVE-2014-3397

BID: 70591

CISCO-SA: cisco-sa-20141015-mcu

CISCO-BUG-ID: CSCtz35468