CVSS: 7.8EPSS: 0%CPEs: 67EXPL: 0CVE-2017-6648
https://notcve.org/view.php?id=CVE-2017-6648
A vulnerability in the Session Initiation Protocol (SIP) of the Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause a TelePresence endpoint to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of flow-control mechanisms within the software. An attacker could exploit this vulnerability by sending a flood of SIP INVITE packets to the affected device. An exploit could allow the attacker to impact the availability of services and data of the device, including a complete DoS condition. This vulnerability affects the following Cisco TC and CE platforms when running software versions prior to TC 7.3.8 and CE 8.3.0. • http://www.securityfocus.com/bid/98934 http://www.securitytracker.com/id/1038624 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-tele • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 26EXPL: 0CVE-2017-3825
https://notcve.org/view.php?id=CVE-2017-3825
A vulnerability in the ICMP ingress packet processing of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause the TelePresence endpoint to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation for the size of a received ICMP packet. An attacker could exploit this vulnerability by sending a crafted ICMP packet to the local IP address of the targeted endpoint. A successful exploit could allow the attacker to cause a DoS of the TelePresence endpoint, during which time calls could be dropped. This vulnerability would affect either IPv4 or IPv6 ICMP traffic. • http://www.securityfocus.com/bid/98293 http://www.securitytracker.com/id/1038392 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-ctp • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 0%CPEs: 14EXPL: 0CVE-2015-0770
https://notcve.org/view.php?id=CVE-2015-0770
CRLF injection vulnerability in Cisco TelePresence TC 6.x before 6.3.4 and 7.x before 7.3.3 on Integrator C SX20 devices allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL, aka Bug ID CSCut79341. Vulnerabilidad de inyección CRLF en Cisco TelePresence TC 6.x anterior a 6.3.4 y 7.x anterior a 7.3.3 en los dispositivos Integrator C SX20 permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y realizar ataques de la división de respuestas HTTP a través de una URL manipulada, también conocido como Bug ID CSCut79341. • http://tools.cisco.com/security/center/viewAlert.x?alertId=39210 http://www.securitytracker.com/id/1032511 • CWE-20: Improper Input Validation CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') •
CVSS: 7.8EPSS: 0%CPEs: 60EXPL: 0CVE-2015-0722
https://notcve.org/view.php?id=CVE-2015-0722
The network drivers in Cisco TelePresence T, Cisco TelePresence TE, and Cisco TelePresence TC before 7.3.2 allow remote attackers to cause a denial of service (process restart or device reload) via a flood of crafted IP packets, aka Bug ID CSCuj68952. Los controladores de red en Cisco TelePresence T, Cisco TelePresence TE, y Cisco TelePresence TC anterior a 7.3.2 permiten a atacantes remotos causar una denegación de servicio (reinicio de proceso o recarga de dispositivo) a través de una inundación de paquetes IP manipulados, también conocido como Bug ID CSCuj68952. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150513-tc • CWE-399: Resource Management Errors •