CVE-2014-0662

CWE-20 — Improper Input Validation4 documents4 sources

Severity

7.1HIGH

EPSS

1.5%

top 18.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Telepresence Video Communication Server Software Cisco Telepresence Video Communication Servers Software

Timeline

PublishedJan 22

Latest updateMay 17

Description

The SIP module in Cisco TelePresence Video Communication Server (VCS) before 8.1 allows remote attackers to cause a denial of service (process failure) via a crafted SDP message, aka Bug ID CSCue97632.

CVSS vector

AV:N/AC:M/C:N/I:N/A:CExploitability: 8.6 | Impact: 6.9

Affected Packages2 packages

▶NVDcisco/telepresence_video_communication_servers_software4 versions+3

▶NVDcisco/telepresence_video_communicationx7.2.2+5

🔴Vulnerability Details

GHSA

GHSA-jw28-hjmx-6x9q: The SIP module in Cisco TelePresence Video Communication Server (VCS) before 8↗2022-05-17

▶

CVEList

CVE-2014-0662: The SIP module in Cisco TelePresence Video Communication Server (VCS) before 8↗2014-01-22

▶

📋Vendor Advisories

Cisco

Cisco TelePresence Video Communication Server SIP Denial of Service Vulnerability↗2014-01-22

▶