Vulnerability Name:

CVE-2015-6313 (CCN-112011)

Assigned: 2015-08-17
Published: 2016-04-06
Updated: 2016-12-03
Summary: Cisco TelePresence Server 4.1(2.29) through 4.2(4.17) on 7010; Mobility Services Engine (MSE) 8710; Multiparty Media 310, 320, and 820; and Virtual Machine (VM) devices allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted HTTP requests that are not followed by an unspecified negotiation, aka Bug ID CSCuv47565.
CVSS v3 Severity: 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): High
7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): High
CVSS v2 Severity: 7.8 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
Vulnerability Type: CWE-399
Vulnerability Consequences: Denial of Service
References:
Source: MITRE
Type: CNA
CVE-2015-6313

Source: CISCO
Type: Vendor Advisory
20160406 Cisco TelePresence Server Crafted URL Handling Denial of Service Vulnerability

Source: SECTRACK
Type: UNKNOWN
1035501

Source: XF
Type: UNKNOWN
cisco-telepresence-cve20156313-dos(112011)

Source: CCN
Type: Cisco Security Advisory cisco-sa-20160406-cts
Cisco TelePresence Server Crafted IPv6 Packet Handling Denial of Service Vulnerability

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:cisco:telepresence_server_software:4.1(2.29):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:telepresence_server_software:4.1(2.33):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:telepresence_server_software:4.2(4.17):*:*:*:*:*:*:*
  • AND
  • cpe:/h:cisco:telepresence_server_7010:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:telepresence_server_mse_8710:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:telepresence_server_on_multiparty_media_310:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:telepresence_server_on_multiparty_media_320:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:telepresence_server_on_multiparty_media_820:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:telepresence_server_on_virtual_machine:-:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    cisco telepresence server software 4.1(2.29)
    cisco telepresence server software 4.1(2.33)
    cisco telepresence server software 4.2(4.17)
    cisco telepresence server 7010 -
    cisco telepresence server mse 8710 -
    cisco telepresence server on multiparty media 310 -
    cisco telepresence server on multiparty media 320 -
    cisco telepresence server on multiparty media 820 -
    cisco telepresence server on virtual machine -