Denial of Service Vulnerability in Cisco TelePresence Products
CVE-2015-0652

Currently unrated

Key Information:

Vendor: Cisco
Status: Expressway Software; Telepresence Conductor; Telepresence Video Communication Server Software
Vendor: CVE Published:; 13 March 2015

Summary

The Session Description Protocol (SDP) implementation in Cisco TelePresence Video Communication Server and Cisco Expressway prior to version X8.2, as well as Cisco TelePresence Conductor before XC2.4, contains a flaw that allows remote attackers to exploit crafted media descriptions. This exploitation can lead to a denial of service, causing the affected device to mishandle exceptions and ultimately reload. This presents a significant risk to users reliant on video communication systems, as service interruptions can affect business operations and communication reliability.

References

http://www.securitytracker.com/id/1031910

vdb-entryx_refsource_SECTRACK

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

Timeline

Vulnerability published
Mar 13, 2015
Vulnerability Reserved
Jan 7, 2015