CVE-2015-0725 — Improper Input Validation in Cisco Videoscape Distribution Suite FOR Internet Streaming

CWE-20 — Improper Input Validation4 documents4 sources

Severity

7.8HIGHNVD

EPSS

0.2%

top 63.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Videoscape Distribution Suite FOR Internet Streaming Cisco Videoscape Distribution Suite Service Broker

Timeline

PublishedJul 16

Latest updateMay 17

Description

Cisco Videoscape Distribution Suite Service Broker (aka VDS-SB), when a VDSM configuration on UCS is used, and Videoscape Distribution Suite for Internet Streaming (aka VDS-IS or CDS-IS) before 3.3.1 R7 and 4.x before 4.0.0 R4 allow remote attackers to cause a denial of service (device reload) via a crafted HTTP request, aka Bug IDs CSCus79834 and CSCuu63409.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages2 packages

▶NVDcisco/videoscape_distribution_suite_service_broker1.0.1, 1.0_base, 1.1_base+2

▶NVDcisco/videoscape_distribution_suite36 versions+35

Patches

Patch: tools.cisco.com ↗Patch: tools.cisco.com ↗

🔴Vulnerability Details

GHSA

GHSA-7cmj-phvp-jgjw: Cisco Videoscape Distribution Suite Service Broker (aka VDS-SB), when a VDSM configuration on UCS is used, and Videoscape Distribution Suite for Inter↗2022-05-17

▶

CVEList

CVE-2015-0725: Cisco Videoscape Distribution Suite Service Broker (aka VDS-SB), when a VDSM configuration on UCS is used, and Videoscape Distribution Suite for Inter↗2015-07-16

▶

📋Vendor Advisories

Cisco

Cisco Videoscape Delivery System Denial of Service Vulnerability↗2015-07-15

▶