CVE-2014-0662 — HIGH (7.1) — White Hats Nepal

Q: How severe is CVE-2014-0662?

CVE-2014-0662 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-0662?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Telepresence Video Communication Server Software, Cisco Telepresence Video Communication Servers Software.

Vulnerability Description

The SIP module in Cisco TelePresence Video Communication Server (VCS) before 8.1 allows remote attackers to cause a denial of service (process failure) via a crafted SDP message, aka Bug ID CSCue97632.

CVSS Score

7.1

HIGH

AV:N/AC:M/Au:N/C:N/I:N/A:C

Confidentiality

NONE

Integrity

NONE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Cisco	Telepresence Video Communication Server Software	<= x7.2.2
Cisco	Telepresence Video Communication Servers Software	x7.0

Related Weaknesses (CWE)

CWE-20

References

http://osvdb.org/102363Broken Link
http://secunia.com/advisories/56592Permissions Required
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20Vendor Advisory
http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=32409Vendor Advisory
http://www.securityfocus.com/bid/65076Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1029655Third Party AdvisoryVDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/90621
http://osvdb.org/102363Broken Link
http://secunia.com/advisories/56592Permissions Required
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20Vendor Advisory
http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=32409Vendor Advisory
http://www.securityfocus.com/bid/65076Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1029655Third Party AdvisoryVDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/90621

FAQ

What is CVE-2014-0662?

CVE-2014-0662 is a vulnerability with a CVSS score of 7.1 (HIGH). The SIP module in Cisco TelePresence Video Communication Server (VCS) before 8.1 allows remote attackers to cause a denial of service (process failure) via a crafted SDP message, aka Bug ID CSCue97632...

How severe is CVE-2014-0662?

CVE-2014-0662 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-0662?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Telepresence Video Communication Server Software, Cisco Telepresence Video Communication Servers Software.