CVE-2014-3397
published 2014-10-19CVE-2014-3397: The network stack in Cisco TelePresence MCU Software before 4.3(2.30) allows remote attackers to cause a denial of service (memory consumption) via crafted TCP…
PriorityP339high7.8CVSS 2.0
AVNACLAuNCNINAC
EPSS
3.78%
88.6th percentile
The network stack in Cisco TelePresence MCU Software before 4.3(2.30) allows remote attackers to cause a denial of service (memory consumption) via crafted TCP packets, aka Bug ID CSCtz35468.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | telepresence_mcu | — | — |
| cisco | telepresence_mcu_software | <= 4.3\(2.18\) | — |
CVSS provenance
nvdv2.07.8HIGHAV:N/AC:L/Au:N/C:N/I:N/A:C
vendor_cisco7.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-689q-3f4w-rv3r: The network stack in Cisco TelePresence MCU Software before 4
ghsa_unreviewed·2022-05-17
CVE-2014-3397 [HIGH] GHSA-689q-3f4w-rv3r: The network stack in Cisco TelePresence MCU Software before 4
The network stack in Cisco TelePresence MCU Software before 4.3(2.30) allows remote attackers to cause a denial of service (memory consumption) via crafted TCP packets, aka Bug ID CSCtz35468.
Cisco
Cisco TelePresence MCU Software Memory Exhaustion Vulnerability
vendor_cisco·2014-10-15·CVSS 7.8
CVE-2014-3397 [HIGH] CWE-399 Cisco TelePresence MCU Software Memory Exhaustion Vulnerability
Cisco TelePresence MCU Software Memory Exhaustion Vulnerability
A vulnerability in the network stack of Cisco TelePresence MCU Software
could allow an unauthenticated, remote attacker to cause the exhaustion
of available memory which could lead to system instability and a
reload of the affected system.
Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-mcu
Note: This security advisory does not provide information about
the GNU Bash Environment Variable Command Injection Vulnerability (also known as Shellshock).
For additional information regarding Cisco products
Cisco
Cisco TelePresence MCU Software Memory Exhaustion Vulnerability
vendor_cisco
CVE-2014-3397 Cisco TelePresence MCU Software Memory Exhaustion Vulnerability
CVE-2014-3397: Cisco TelePresence MCU Software Memory Exhaustion Vulnerability
A vulnerability in the network stack of Cisco TelePresence MCU Software could allow an unauthenticated, remote attacker to cause the exhaustion of available memory which could lead to system instability and a reload of the affected system. Cisco has released software updates that address this vulnerability.
CWE: CWE-399, CWE-399
Bug IDs: CSCtz35468, CSCtz35468
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://secunia.com/advisories/60855http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-mcuhttp://tools.cisco.com/security/center/viewAlert.x?alertId=36016http://www.securitytracker.com/id/1031054http://secunia.com/advisories/60855http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-mcuhttp://tools.cisco.com/security/center/viewAlert.x?alertId=36016http://www.securitytracker.com/id/1031054
2014-10-19
Published