Denial of Service Vulnerability in Cisco TelePresence MCU Software
CVE-2014-3397

Currently unrated

Key Information:

Vendor: Cisco
Status: Telepresence Mcu Software
Vendor: CVE Published:; 19 October 2014

What is CVE-2014-3397?

The network stack in Cisco TelePresence MCU Software versions prior to 4.3(2.30) is vulnerable to a denial of service attack. This can be exploited by remote attackers sending specially crafted TCP packets, which result in excessive memory consumption. Consequently, this may disrupt the normal operation of the affected software, leading to service outages.

References

http://secunia.com/advisories/60855

third-party-advisoryx_refsource_SECUNIA

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

http://tools.cisco.com/security/center/viewAlert.x?alertI...

x_refsource_CONFIRM

EPSS Score

6% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 19, 2014
Vulnerability Reserved
May 7, 2014