CVE-2016-1353 — Cisco Videoscape Distribution Suite FOR Internet Streaming vulnerability

CWE-3994 documents4 sources

Severity

5.3MEDIUMNVD

EPSS

0.5%

top 34.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Videoscape Distribution Suite FOR Internet Streaming

Timeline

PublishedMar 1

Latest updateMay 17

Description

The TCP implementation in Cisco Videoscape Distribution Suite for Internet Streaming (VDS-IS) 3.3(0), 3.3(1), 4.0(0), and 4.1(0) does not properly initiate new TCP sessions when a previous session is in a FIN wait state, which allows remote attackers to cause a denial of service (TCP outage) via vectors involving FIN packets, aka Bug ID CSCuy45136.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages1 packages

▶NVDcisco/videoscape_distribution_suite4 versions+3

🔴Vulnerability Details

GHSA

GHSA-fjv2-mj28-xvpf: The TCP implementation in Cisco Videoscape Distribution Suite for Internet Streaming (VDS-IS) 3↗2022-05-17

▶

CVEList

CVE-2016-1353: The TCP implementation in Cisco Videoscape Distribution Suite for Internet Streaming (VDS-IS) 3↗2016-03-01

▶

📋Vendor Advisories

Cisco

Cisco Videoscape Distribution Suite for Internet Streaming TCP Session Handling Denial of Service Vulnerability↗2016-02-29

▶