CVE-2013-1176

Published: Apr 18, 2013Modified: Apr 29, 2026

7.1

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:C

Exploitability: 8.6 / Impact: 6.9

Source: NVD

Description

The DSP card on Cisco TelePresence MCU 4500 and 4501 devices before 4.3(2.30), TelePresence MCU MSE 8510 devices before 4.3(2.30), and TelePresence Server before 2.3(1.55) does not properly validate H.264 data, which allows remote attackers to cause a denial of service (device reload) via crafted RTP packets in a (1) SIP session or (2) H.323 session, aka Bug IDs CSCuc11328 and CSCub05448.

Affected (33)

Products: Cisco: Telepresence Mcu 4500 Series Software, Telepresence Mcu 4505, Telepresence Mcu 4510, Telepresence Mcu 4515, Telepresence Mcu 4520, Telepresence Mcu 4501 Series Software, Telepresence Mcu 4501, Telepresence Mcu Mse Series Software, Telepresence Mcu Mse 8510, Telepresence Server Software, Telepresence Server 7010, Telepresence Server Mse 8710

Cisco

12 products

Telepresence Mcu 4500 Series Software

Telepresence Mcu 4505

Telepresence Mcu 4510

Telepresence Mcu 4515

Telepresence Mcu 4520

Telepresence Mcu 4501 Series Software

Telepresence Mcu 4501

Telepresence Mcu Mse Series Software

Telepresence Mcu Mse 8510

Telepresence Server Software

Telepresence Server 7010

Telepresence Server Mse 8710

Configuration A

11 vulnerable

Vulnerable Software	Affected Versions
Cisco Telepresence Mcu 4500 Series Software	Up to 4.3\(2.18\)
Cisco Telepresence Mcu 4500 Series Software	Version 4.1(1.51)
Cisco Telepresence Mcu 4500 Series Software	Version 4.1(1.59)
Cisco Telepresence Mcu 4500 Series Software	Version 4.2(1.43)
Cisco Telepresence Mcu 4500 Series Software	Version 4.2(1.46)
Cisco Telepresence Mcu 4500 Series Software	Version 4.2(1.50)
Cisco Telepresence Mcu 4500 Series Software	Version 4.3(1.68)
Cisco Telepresence Mcu 4505	All versions
Cisco Telepresence Mcu 4510	All versions
Cisco Telepresence Mcu 4515	All versions
Cisco Telepresence Mcu 4520	All versions

Configuration B

8 vulnerable

Vulnerable Software	Affected Versions
Cisco Telepresence Mcu 4501 Series Software	Up to 4.3\(2.18\)
Cisco Telepresence Mcu 4501 Series Software	Version 4.1(1.51)
Cisco Telepresence Mcu 4501 Series Software	Version 4.1(1.59)
Cisco Telepresence Mcu 4501 Series Software	Version 4.2(1.43)
Cisco Telepresence Mcu 4501 Series Software	Version 4.2(1.46)
Cisco Telepresence Mcu 4501 Series Software	Version 4.2(1.50)
Cisco Telepresence Mcu 4501 Series Software	Version 4.3(1.68)
Cisco Telepresence Mcu 4501	All versions

Configuration C

8 vulnerable

Vulnerable Software	Affected Versions
Cisco Telepresence Mcu Mse Series Software	Up to 4.3\(2.18\)
Cisco Telepresence Mcu Mse Series Software	Version 4.1(1.51)
Cisco Telepresence Mcu Mse Series Software	Version 4.1(1.59)
Cisco Telepresence Mcu Mse Series Software	Version 4.2(1.43)
Cisco Telepresence Mcu Mse Series Software	Version 4.2(1.46)
Cisco Telepresence Mcu Mse Series Software	Version 4.2(1.50)
Cisco Telepresence Mcu Mse Series Software	Version 4.3(1.68)
Cisco Telepresence Mcu Mse 8510	All versions

Configuration D

6 vulnerable

Vulnerable Software	Affected Versions
Cisco Telepresence Server Software	Up to 2.2\(1.54\)
Cisco Telepresence Server Software	Version 2.1(1.33)
Cisco Telepresence Server Software	Version 2.1(1.37)
Cisco Telepresence Server Software	Version 2.2(1.43)
Cisco Telepresence Server 7010	All versions
Cisco Telepresence Server Mse 8710	All versions

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130417-tpi

Source: psirt@cisco.com

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130417-tpi

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.