CVE-2015-6312 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Netgear Jr6150 Firmware

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.6%

top 30.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netgear Jr6150 Firmware Zyxel Gs1900-10hp Firmware Dell EMC Powerscale Onefs +1 more

Timeline

PublishedApr 6

Latest updateMay 17

Description

Cisco TelePresence Server 3.1 on 7010, Mobility Services Engine (MSE) 8710, Multiparty Media 310 and 320, and Virtual Machine (VM) devices allows remote attackers to cause a denial of service (device reload) via malformed STUN packets, aka Bug ID CSCuv01348.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶NVDnetgear/jr6150_firmware< 2017-01-06

▶NVDzyxel/gs1900-10hp_firmware< 2.50\(aazi.0\)c0

▶NVDzzinc/keymouse_firmware3.08

▶NVDdell/emc_powerscale_onefs8.2.2

🔴Vulnerability Details

GHSA

GHSA-q9cj-g23q-m8r7: Cisco TelePresence Server 3↗2022-05-17

▶

CVEList

CVE-2015-6312: Cisco TelePresence Server 3↗2016-04-06

▶

📋Vendor Advisories

Cisco

Cisco TelePresence Server Malformed STUN Packet Processing Denial of Service Vulnerability↗2016-04-06

▶