CVE-2015-0652 — HIGH (7.8) — White Hats Nepal

Q: How severe is CVE-2015-0652?

CVE-2015-0652 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2015-0652?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Expressway Software, Cisco Telepresence Conductor, Cisco Telepresence Video Communication Server Software.

Vulnerability Description

The Session Description Protocol (SDP) implementation in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway before X8.2 and Cisco TelePresence Conductor before XC2.4 allows remote attackers to cause a denial of service (mishandled exception and device reload) via a crafted media description, aka Bug IDs CSCus96593 and CSCun73192.

CVSS Score

7.8

HIGH

AV:N/AC:L/Au:N/C:N/I:N/A:C

Confidentiality

NONE

Integrity

NONE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Cisco	Expressway Software	<= x8.1.1
Cisco	Telepresence Conductor	<= xc2.4
Cisco	Telepresence Video Communication Server Software	<= x8.1.1

Related Weaknesses (CWE)

CWE-20

References

FAQ

What is CVE-2015-0652?

CVE-2015-0652 is a vulnerability with a CVSS score of 7.8 (HIGH). The Session Description Protocol (SDP) implementation in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway before X8.2 and Cisco TelePresence Conductor before XC2.4 allows remot...

How severe is CVE-2015-0652?

CVE-2015-0652 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-0652?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Expressway Software, Cisco Telepresence Conductor, Cisco Telepresence Video Communication Server Software.