Vulnerabilites related to cisco - telepresence_ce_software
CVE-2017-6648 (GCVE-0-2017-6648)
Vulnerability from cvelistv5
Published
2017-06-08 13:00
Modified
2024-08-05 15:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A vulnerability in the Session Initiation Protocol (SIP) of the Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause a TelePresence endpoint to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of flow-control mechanisms within the software. An attacker could exploit this vulnerability by sending a flood of SIP INVITE packets to the affected device. An exploit could allow the attacker to impact the availability of services and data of the device, including a complete DoS condition. This vulnerability affects the following Cisco TC and CE platforms when running software versions prior to TC 7.3.8 and CE 8.3.0. Cisco Bug IDs: CSCux94002.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Cisco TelePresence Endpoint Denial of Service Vulnerability |
Version: Cisco TelePresence Endpoint Denial of Service Vulnerability |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:33:20.463Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-tele"
},
{
"name": "98934",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98934"
},
{
"name": "1038624",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038624"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco TelePresence Endpoint Denial of Service Vulnerability",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Cisco TelePresence Endpoint Denial of Service Vulnerability"
}
]
}
],
"datePublic": "2017-06-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Session Initiation Protocol (SIP) of the Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause a TelePresence endpoint to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of flow-control mechanisms within the software. An attacker could exploit this vulnerability by sending a flood of SIP INVITE packets to the affected device. An exploit could allow the attacker to impact the availability of services and data of the device, including a complete DoS condition. This vulnerability affects the following Cisco TC and CE platforms when running software versions prior to TC 7.3.8 and CE 8.3.0. Cisco Bug IDs: CSCux94002."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-399",
"description": "CWE-399",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T09:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-tele"
},
{
"name": "98934",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98934"
},
{
"name": "1038624",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038624"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2017-6648",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco TelePresence Endpoint Denial of Service Vulnerability",
"version": {
"version_data": [
{
"version_value": "Cisco TelePresence Endpoint Denial of Service Vulnerability"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Session Initiation Protocol (SIP) of the Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause a TelePresence endpoint to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of flow-control mechanisms within the software. An attacker could exploit this vulnerability by sending a flood of SIP INVITE packets to the affected device. An exploit could allow the attacker to impact the availability of services and data of the device, including a complete DoS condition. This vulnerability affects the following Cisco TC and CE platforms when running software versions prior to TC 7.3.8 and CE 8.3.0. Cisco Bug IDs: CSCux94002."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-399"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-tele",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-tele"
},
{
"name": "98934",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98934"
},
{
"name": "1038624",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038624"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2017-6648",
"datePublished": "2017-06-08T13:00:00",
"dateReserved": "2017-03-09T00:00:00",
"dateUpdated": "2024-08-05T15:33:20.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2017-06-08 13:29
Modified
2025-04-20 01:37
Severity ?
Summary
A vulnerability in the Session Initiation Protocol (SIP) of the Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause a TelePresence endpoint to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of flow-control mechanisms within the software. An attacker could exploit this vulnerability by sending a flood of SIP INVITE packets to the affected device. An exploit could allow the attacker to impact the availability of services and data of the device, including a complete DoS condition. This vulnerability affects the following Cisco TC and CE platforms when running software versions prior to TC 7.3.8 and CE 8.3.0. Cisco Bug IDs: CSCux94002.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:telepresence_ce_software:8.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7981082F-B80B-49A5-8AAE-BFA377ED9460",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "21D19C90-19D2-46E5-BDA7-F7125F7A2878",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:3.1_base:*:*:*:*:*:*:*",
"matchCriteriaId": "E88E8ECB-9A40-4B2A-B1E1-EB9CB69D322A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "357A8344-F77C-4D95-AFFC-930E3E177630",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "052FEBF8-B775-4D8E-B958-A6A17E4DFA23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9747F834-034D-438B-8BE5-5B2BDD8FFA52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:4.1_base:*:*:*:*:*:*:*",
"matchCriteriaId": "03F8F06D-174D-4FEB-880F-825019FF2415",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A6FF142C-42C7-4BD0-9C30-C3B044F6BA3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "72362874-2BF7-48D4-9C3E-1DC151AA118B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2974B301-5F64-453C-A2A6-E231A998F9E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EEE3BCD5-7472-45A2-8F62-834A90941EC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB81C8F-46C1-4A87-B5B5-E63AE9654399",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:4.2_base:*:*:*:*:*:*:*",
"matchCriteriaId": "A6349908-7468-43BA-ACF2-4166FC95405C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7A19AC9B-91B4-4691-BFB7-BEC9A3CD2678",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:5.0.2-cucm:*:*:*:*:*:*:*",
"matchCriteriaId": "47981023-90C1-46D1-BCD6-6BE64364C5E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:5.0_base:*:*:*:*:*:*:*",
"matchCriteriaId": "83DB0369-FA22-43FE-9E0B-B370B44490B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A94F378C-506E-4C0A-A23A-1F71ABDBD7EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:5.1.3-cucm:*:*:*:*:*:*:*",
"matchCriteriaId": "982DC39F-5FA0-4450-8C36-447270BFFC36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:5.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FB451E1B-9B64-434B-BA1E-FFE9CD472CC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:5.1.4-cucm:*:*:*:*:*:*:*",
"matchCriteriaId": "536F8A9D-59C6-42E4-B672-8B1D909F8535",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:5.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2D46D718-4708-4018-A1E2-2094519E9E3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:5.1.5-cucm:*:*:*:*:*:*:*",
"matchCriteriaId": "1E1B1533-30F2-40AB-8429-2E7606EC06CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:5.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "079634DC-D13E-41A3-87E0-F694C3315647",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:5.1.6-cucm:*:*:*:*:*:*:*",
"matchCriteriaId": "32B5EEDB-7471-45C2-956B-466626E9EDD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:5.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "36912424-2973-4550-9EFD-FC344EC55933",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:5.1.7-cucm:*:*:*:*:*:*:*",
"matchCriteriaId": "9729B0D4-F6E5-4683-947B-D73C6B147897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:5.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3D9C5EE1-0733-499E-92D0-4CFFFD370E20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:5.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "9B046A6F-BEAA-4052-8896-0FA33B6BEEE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:5.1_base:*:*:*:*:*:*:*",
"matchCriteriaId": "BC20694E-FD91-4932-9AB5-1E1C8DD01BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "856DDAE1-C3E6-4F70-946B-515F7B308517",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:6.0.0-cucm:*:*:*:*:*:*:*",
"matchCriteriaId": "B9056D02-E7C8-47B3-8CEF-E485CA6EC6D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5198E89F-9F04-4C1E-9EA9-EFE2C118788C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:6.0.1-cucm:*:*:*:*:*:*:*",
"matchCriteriaId": "70496628-EF39-4E54-BC9E-E2D9BDC00C11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E50B4A0E-7851-4C1A-AAA7-2E4EF655056D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9B5A78C8-E5BA-44B8-91EE-B07E400EE7E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7F177059-DA78-4F84-AA72-B6C5CA212BD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:6.0_base:*:*:*:*:*:*:*",
"matchCriteriaId": "01392813-2BC7-4A4E-AF57-443E886E2643",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5B421E06-5487-48FA-A602-2EC81C31F341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:6.1.0-cucm:*:*:*:*:*:*:*",
"matchCriteriaId": "33CFCB77-65F1-48BF-8057-1F9C56BF7DC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F940F7CF-D091-4212-8E9C-0FD538F00992",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:6.1.1-cucm:*:*:*:*:*:*:*",
"matchCriteriaId": "9D68BFBE-50A4-4565-BCDA-29BF2B5B962C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3C002A-8EA4-4731-A546-CA16E4D0BD0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:6.1.2-cucm:*:*:*:*:*:*:*",
"matchCriteriaId": "4C12DD1C-DF28-4B4B-93FB-6E346D810BB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B6DD8580-644F-4640-8127-CC345DC5CDA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:6.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8B32A35F-D1AF-490E-A1CB-612E5BC2E9DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:6.1_base:*:*:*:*:*:*:*",
"matchCriteriaId": "62C20678-F9B0-488C-B1B4-C04005F5E3FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:6.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CB861F3A-CA8F-493B-B63E-C27007D7A498",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:6.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A72D4048-53D6-4B3A-8148-4C7F5354D3EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:6.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "49545BCD-C2F3-46EC-9F77-34639054E46B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:6.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1CB8B703-A9BD-4A63-BC62-3F031440B00F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:6.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "739D968B-C97E-4C1D-A4F0-CC1FA0956E3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:6.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B9063887-80F9-4898-8F69-36178D9C4BC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "873E6F91-E3A8-4B6F-87F0-2FC843A0521F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5ACE9AFC-B520-44A9-90E9-0921AA25FA4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "383A9D84-B1CA-42E1-B863-42B7F30A0DE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:7.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F6E1EDB9-0C99-4067-BA23-94EA3225C0D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:7.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EF5B5124-D5AF-46E4-81DF-A63DB4A3141D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A0012942-BB39-42EE-AB7F-46E503140016",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:7.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6627DC6B-166F-4DC9-A330-4C6063C3AD9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:7.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "24F58A78-36B5-4CF0-B71D-DF451479F451",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:7.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9B87019A-1277-483E-AAD1-17A53FAD7121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:7.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C3501B65-DF7C-4E58-894A-E0280A68DA62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:7.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "35BCB121-C70F-44BC-80EE-415BDCF0E3FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:7.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B300EE45-2582-41E9-9F7F-4CB81D51E964",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:7.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "8CB135B8-A4D2-4DDA-96F4-B3149441567B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:8.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0DDC6BAF-3133-47A9-9149-FD92BE55C130",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CCD1A653-986F-472F-A9B0-904653661DBE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Session Initiation Protocol (SIP) of the Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause a TelePresence endpoint to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of flow-control mechanisms within the software. An attacker could exploit this vulnerability by sending a flood of SIP INVITE packets to the affected device. An exploit could allow the attacker to impact the availability of services and data of the device, including a complete DoS condition. This vulnerability affects the following Cisco TC and CE platforms when running software versions prior to TC 7.3.8 and CE 8.3.0. Cisco Bug IDs: CSCux94002."
},
{
"lang": "es",
"value": "Una vulnerabilidad en Session Initiation Protocol (SIP) del programa TelePresence Codec (TC) y Collaboration Endpoint (CE) de Cisco, podr\u00eda permitir a un atacante remoto no identificado causar que un endpoint de TelePresence se vuelva a cargar inesperadamente, resultado una condici\u00f3n denegaci\u00f3n de servicio (DoS). La vulnerabilidad es debido a la falta de mecanismos de control de flujo dentro del programa. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de un flujo de paquetes INVITE de SIP hacia el dispositivo afectado. Una vulnerabilidad podr\u00eda permitir al atacante afectar la disponibilidad de los servicios y datos del dispositivo, incluida una condici\u00f3n DoS completa. Esta vulnerabilidad afecta a las siguientes plataformas TC y CE de Cisco cuando se ejecutan versiones de programas anteriores a TC 7.3.8 y CE 8.3.0. IDs de Bug de Cisco: CSCux94002."
}
],
"id": "CVE-2017-6648",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-08T13:29:00.517",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98934"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securitytracker.com/id/1038624"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-tele"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98934"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1038624"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-tele"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}