Buffer overflow in Cisco Telepresence_server_7010

CVE-2015-6284

Buffer overflow in the Conference Control Protocol API implementation in Cisco TelePresence Server software before 4.1(2.33) on 7010, MSE 8710, Multiparty Media 310 and 320, and Virtual Machine devices allows remote attackers to cause a de…

Vulnerability class: Buffer Overflow

EPSS: 0.004 (63.9th percentile) — read the EPSS interpretation.

Affected products

Cisco Telepresence_server_7010
Cisco Telepresence_server_mse_8710
Cisco Telepresence_server_on_multiparty_media_310
Cisco Telepresence_server_on_multiparty_media_320
Cisco Telepresence_server_on_virtual_machine
Cisco Telepresence_server_software — versions 2.3\(1.55\), 2.3\(1.57\), 3.0\(2.24\)
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

1033580 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
20150916 Cisco TelePresence Server Denial of Service Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)