CVE-2014-2156

Published: May 2, 2014Modified: May 6, 2026

7.1

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:C

Exploitability: 8.6 / Impact: 6.9

Source: NVD

Description

Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCty45739.

Affected (22)

Products: Cisco: Telepresence System Software, Tandberg 2000 Mxp, Tandberg 550 Mxp, Tandberg 770 Mxp, Tandberg 880 Mxp, Tandberg 990 Mxp, Telepresence System 1000 Mxp, Telepresence System 1700 Mxp, Telepresence System Codec 3000 Mxp, Telepresence System Codec 6000 Mxp, Telepresence System Edge 75 Mxp, Telepresence System Edge 85 Mxp, Telepresence System Edge 95 Mxp

Cisco

13 products

Telepresence System Software

Telepresence System 1000 Mxp

Telepresence System 1700 Mxp

Telepresence System Codec 3000 Mxp

Telepresence System Codec 6000 Mxp

Telepresence System Edge 75 Mxp

Telepresence System Edge 85 Mxp

Telepresence System Edge 95 Mxp

Configuration A

22 vulnerable

Vulnerable Software	Affected Versions
Cisco Telepresence System Software	Up to f9.3
Cisco Telepresence System Software	Version f9.0.1
Cisco Telepresence System Software	Version f9.0.2
Cisco Telepresence System Software	Version f9.1.0
Cisco Telepresence System Software	Version f9.1.1
Cisco Telepresence System Software	Version f9.1.2
Cisco Telepresence System Software	Version fnc9.1.0
Cisco Telepresence System Software	Version fnc9.1.1
Cisco Telepresence System Software	Version fnc9.1.2
Cisco Telepresence System Software	Version fnc9.3
Cisco Tandberg 2000 Mxp	All versions
Cisco Tandberg 550 Mxp	All versions
Cisco Tandberg 770 Mxp	All versions
Cisco Tandberg 880 Mxp	All versions
Cisco Tandberg 990 Mxp	All versions
Cisco Telepresence System 1000 Mxp	All versions
Cisco Telepresence System 1700 Mxp	All versions
Cisco Telepresence System Codec 3000 Mxp	All versions
Cisco Telepresence System Codec 6000 Mxp	All versions
Cisco Telepresence System Edge 75 Mxp	All versions
Cisco Telepresence System Edge 85 Mxp	All versions
Cisco Telepresence System Edge 95 Mxp	All versions

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-mxp

Source: psirt@cisco.com

Vendor Advisory

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-mxp

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.