First published: Sun Sep 20 2015
Buffer overflow in the Conference Control Protocol API implementation in Cisco TelePresence Server software before 4.1(2.33) on 7010, MSE 8710, Multiparty Media 310 and 320, and Virtual Machine devices allows remote attackers to cause a denial of service (device crash) via a crafted URL, aka Bug ID CSCuu28277.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco TelePresence Server Software | =2.3(1.55) | |
Cisco TelePresence Server Software | =2.3(1.57) | |
Cisco TelePresence Server Software | =3.0(2.24) | |
Cisco TelePresence Server Software | =3.0(2.46) | |
Cisco TelePresence Server Software | =3.0(2.48) | |
Cisco TelePresence Server Software | =3.0(2.49) | |
Cisco TelePresence Server Software | =3.1(1.80) | |
Cisco TelePresence Server Software | =3.1(1.82) | |
Cisco TelePresence Server Software | =3.1(1.95) | |
Cisco TelePresence Server Software | =3.1(1.96) | |
Cisco TelePresence Server Software | =3.1(1.97) | |
Cisco TelePresence Server Software | =3.1(1.98) | |
Cisco TelePresence Server Software | =4.0(1.57) | |
Cisco TelePresence Server Software | =4.0(2.8) | |
Cisco TelePresence Server Software | =4.1(1.79) | |
Cisco TelePresence Server 7010 | | |
Cisco TelePresence Server MSE 8710 | | |
Cisco TelePresence Server on Multiparty Media 310 | | |
Cisco TelePresence Server on Multiparty Media 320 | | |
Cisco TelePresence Server on Virtual Machine | | |
CVE-2015-6284 has been classified as having a high severity due to its potential to cause a denial of service.
To mitigate CVE-2015-6284, upgrade to the latest Cisco TelePresence Server software version that addresses this vulnerability.
CVE-2015-6284 is caused by a buffer overflow in the Conference Control Protocol API implementation.
Affected versions of Cisco TelePresence Server software are those prior to 4.1(2.33), spanning several released versions.
CVE-2015-6284 can be exploited remotely through a crafted URL sent to vulnerable devices.