CVE-2015-6313 - OpenCVE

Cisco TelePresence Server 4.1(2.29) through 4.2(4.17) on 7010; Mobility Services Engine (MSE) 8710; Multiparty Media 310, 320, and 820; and Virtual Machine (VM) devices allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted HTTP requests that are not followed by an unspecified negotiation, aka Bug ID CSCuv47565.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:L/Au:N/C:N/I:N/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Zzinc	Keymouse Firmware
Cisco	Telepresence Server On Virtual Machine Telepresence Server On Multiparty Media 310 Telepresence Server Mse 8710 Telepresence Server 7010 Telepresence Server On Multiparty Media 320 Telepresence Server On Multiparty Media 820
Zyxel	Gs1900-10hp Firmware
Sun	Opensolaris

Configuration 1 [-]

AND

OR	cpe:2.3:o:sun:opensolaris:snv_124::sparc:::::
	cpe:2.3:o:zyxel:gs1900-10hp_firmware::::::::
	cpe:2.3:o:zzinc:keymouse_firmware:3.08:::::windows::

OR	cpe:2.3:h:cisco:telepresence_server_7010:-:::::::*
	cpe:2.3:h:cisco:telepresence_server_mse_8710:-:::::::*
	cpe:2.3:h:cisco:telepresence_server_on_multiparty_media_310:-:::::::*
	cpe:2.3:h:cisco:telepresence_server_on_multiparty_media_320:-:::::::*
	cpe:2.3:h:cisco:telepresence_server_on_multiparty_media_820:-:::::::*
	cpe:2.3:h:cisco:telepresence_server_on_virtual_machine:-:::::::*

References

Link	Resource
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts1	Vendor Advisory
http://www.securitytracker.com/id/1035501

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: cisco

Published: 2016-04-06T23:00:00

Updated: 2016-11-30T18:57:01

Reserved: 2015-08-17T00:00:00

Link: CVE-2015-6313

JSON object: View

NVD Information

Status : Modified

Published: 2016-04-06T23:59:01.283

Modified: 2016-12-03T03:11:42.573

Link: CVE-2015-6313

JSON object: View

Redhat Information

No data.

CWE

CWE-399

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-04-06T00:00:00", "descriptions": [{"lang": "en", "value": "Cisco TelePresence Server 4.1(2.29) through 4.2(4.17) on 7010; Mobility Services Engine (MSE) 8710; Multiparty Media 310, 320, and 820; and Virtual Machine (VM) devices allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted HTTP requests that are not followed by an unspecified negotiation, aka Bug ID CSCuv47565."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-11-30T18:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "1035501", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1035501"}, {"name": "20160406 Cisco TelePresence Server Crafted URL Handling Denial of Service Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts1"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2015-6313", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cisco TelePresence Server 4.1(2.29) through 4.2(4.17) on 7010; Mobility Services Engine (MSE) 8710; Multiparty Media 310, 320, and 820; and Virtual Machine (VM) devices allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted HTTP requests that are not followed by an unspecified negotiation, aka Bug ID CSCuv47565."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1035501", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035501"}, {"name": "20160406 Cisco TelePresence Server Crafted URL Handling Denial of Service Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts1"}]}}}}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2015-6313", "datePublished": "2016-04-06T23:00:00", "dateReserved": "2015-08-17T00:00:00", "dateUpdated": "2016-11-30T18:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sun:opensolaris:snv_124:*:sparc:*:*:*:*:*", "matchCriteriaId": "09B35C0E-6CBA-4B6B-BCD2-F5CC0BF8CF53", "vulnerable": true}, {"criteria": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "21D9999F-C55E-4BAB-A401-007FB34B2A5E", "versionEndExcluding": "2.50\\(aazi.0\\)c0", "vulnerable": true}, {"criteria": "cpe:2.3:o:zzinc:keymouse_firmware:3.08:*:*:*:*:windows:*:*", "matchCriteriaId": "83223AC7-22F3-4FCA-B11B-B769086DCF04", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:telepresence_server_7010:-:*:*:*:*:*:*:*", "matchCriteriaId": "983E3CC5-7B3A-467A-A482-0D19792CB55E", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:telepresence_server_mse_8710:-:*:*:*:*:*:*:*", "matchCriteriaId": "411829A8-56C6-4851-8063-97F03C7B66B2", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:telepresence_server_on_multiparty_media_310:-:*:*:*:*:*:*:*", "matchCriteriaId": "51463F95-8A40-47CC-A0FD-B8F0ED16C39F", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:telepresence_server_on_multiparty_media_320:-:*:*:*:*:*:*:*", "matchCriteriaId": "7792A73D-C38F-44E6-A660-6CDB0955EC69", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:telepresence_server_on_multiparty_media_820:-:*:*:*:*:*:*:*", "matchCriteriaId": "242B17EF-773A-4629-80AC-D3B4E476B56F", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:telepresence_server_on_virtual_machine:-:*:*:*:*:*:*:*", "matchCriteriaId": "18C16ABE-9BA2-4852-9B12-70BA6A1D50C2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Cisco TelePresence Server 4.1(2.29) through 4.2(4.17) on 7010; Mobility Services Engine (MSE) 8710; Multiparty Media 310, 320, and 820; and Virtual Machine (VM) devices allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted HTTP requests that are not followed by an unspecified negotiation, aka Bug ID CSCuv47565."}, {"lang": "es", "value": "Cisco TelePresence Server 4.1(2.29) hasta la versi\u00f3n 4.2(4.17) sobre dispositivos 7010; Mobility Services Engine (MSE) 8710; Multiparty Media 310, 320 y 820; y Virtual Machine (VM) permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de memoria o recarga de dispositivo) a trav\u00e9s de peticiones HTTP que no van seguidas de una negociaci\u00f3n no especificada, tambi\u00e9n conocido como Bug ID CSCuv47565."}], "id": "CVE-2015-6313", "lastModified": "2016-12-03T03:11:42.573", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-04-06T23:59:01.283", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts1"}, {"source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id/1035501"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}