// For flags

CVE-2015-0652

 

Severity Score

7.8
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The Session Description Protocol (SDP) implementation in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway before X8.2 and Cisco TelePresence Conductor before XC2.4 allows remote attackers to cause a denial of service (mishandled exception and device reload) via a crafted media description, aka Bug IDs CSCus96593 and CSCun73192.

La implementación Session Description Protocol (SDP) en Cisco TelePresence Video Communication Server (VCS) y Cisco Expressway anterior a X8.2 y Cisco TelePresence Conductor anterior a XC2.4 permite a atacantes remotos causar una denegación de servicio (excepción mal manejado y recarga de dispositivo) a través de una descripción de medios manipulada, también conocido como Bug IDs CSCus96593 y CSCun73192.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2015-01-07 CVE Reserved
  • 2015-03-13 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cisco
Search vendor "Cisco"
Expressway Software
Search vendor "Cisco" for product "Expressway Software"
<= x8.1.1
Search vendor "Cisco" for product "Expressway Software" and version " <= x8.1.1"
-
Affected
Cisco
Search vendor "Cisco"
Telepresence Conductor
Search vendor "Cisco" for product "Telepresence Conductor"
<= xc2.4
Search vendor "Cisco" for product "Telepresence Conductor" and version " <= xc2.4"
prealpha0
Affected
Cisco
Search vendor "Cisco"
Telepresence Video Communication Server Software
Search vendor "Cisco" for product "Telepresence Video Communication Server Software"
<= x8.1.1
Search vendor "Cisco" for product "Telepresence Video Communication Server Software" and version " <= x8.1.1"
-
Affected