Strix
26.1K

CVE-2013-1176

UnknownEPSS 1.17%

Last modified

CVE-2013-1176 is a vulnerability of currently unknown severity. The DSP card on Cisco TelePresence MCU 4500 and 4501 devices before 4.3(2.30), TelePresence MCU MSE 8510 devices before 4.3(2.30), and TelePresence Server before 2.3(1.55) does not properly validate H.264 data, which allows remote attackers to cause a denial of service (device reload) via crafted RTP packets in a (1) SIP session or (2) H.323 session, aka Bug IDs CSCuc11328 and CSCub05448.. EPSS estimates a 1.17% chance of exploitation in the next 30 days.

Description

The DSP card on Cisco TelePresence MCU 4500 and 4501 devices before 4.3(2.30), TelePresence MCU MSE 8510 devices before 4.3(2.30), and TelePresence Server before 2.3(1.55) does not properly validate H.264 data, which allows remote attackers to cause a denial of service (device reload) via crafted RTP packets in a (1) SIP session or (2) H.323 session, aka Bug IDs CSCuc11328 and CSCub05448.

Metrics

EPSS Probability
1.17%

63.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
CiscoTelepresence Mcu 4500 Series Software<= 4.3\(2.18\)
CiscoTelepresence Mcu 4500 Series Software4.1\(1.51\)
CiscoTelepresence Mcu 4500 Series Software4.1\(1.59\)
CiscoTelepresence Mcu 4500 Series Software4.2\(1.43\)
CiscoTelepresence Mcu 4500 Series Software4.2\(1.46\)
CiscoTelepresence Mcu 4500 Series Software4.2\(1.50\)
CiscoTelepresence Mcu 4500 Series Software4.3\(1.68\)
CiscoTelepresence Mcu 4505All versions
CiscoTelepresence Mcu 4510All versions
CiscoTelepresence Mcu 4515All versions
CiscoTelepresence Mcu 4520All versions
CiscoTelepresence Mcu 4501 Series Software<= 4.3\(2.18\)
CiscoTelepresence Mcu 4501 Series Software4.1\(1.51\)
CiscoTelepresence Mcu 4501 Series Software4.1\(1.59\)
CiscoTelepresence Mcu 4501 Series Software4.2\(1.43\)
CiscoTelepresence Mcu 4501 Series Software4.2\(1.46\)
CiscoTelepresence Mcu 4501 Series Software4.2\(1.50\)
CiscoTelepresence Mcu 4501 Series Software4.3\(1.68\)
CiscoTelepresence Mcu 4501All versions
CiscoTelepresence Mcu Mse Series Software<= 4.3\(2.18\)
CiscoTelepresence Mcu Mse Series Software4.1\(1.51\)
CiscoTelepresence Mcu Mse Series Software4.1\(1.59\)
CiscoTelepresence Mcu Mse Series Software4.2\(1.43\)
CiscoTelepresence Mcu Mse Series Software4.2\(1.46\)
CiscoTelepresence Mcu Mse Series Software4.2\(1.50\)
CiscoTelepresence Mcu Mse Series Software4.3\(1.68\)
CiscoTelepresence Mcu Mse 8510All versions
CiscoTelepresence Server Software<= 2.2\(1.54\)
CiscoTelepresence Server Software2.1\(1.33\)
CiscoTelepresence Server Software2.1\(1.37\)
CiscoTelepresence Server Software2.2\(1.43\)
CiscoTelepresence Server 7010All versions
CiscoTelepresence Server Mse 8710All versions

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2013-1176?
The DSP card on Cisco TelePresence MCU 4500 and 4501 devices before 4.3(2.30), TelePresence MCU MSE 8510 devices before 4.3(2.30), and TelePresence Server before 2.3(1.55) does not properly validate H.264 data, which allows remote attackers to cause a denial of service (device reload) via crafted RTP packets in a (1) SIP session or (2) H.323 session, aka Bug IDs CSCuc11328 and CSCub05448.
How severe is CVE-2013-1176?
Severity scoring for CVE-2013-1176 is pending analysis. The EPSS model estimates a 1.17% probability of exploitation in the next 30 days.
How do I fix CVE-2013-1176?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2013-1176?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST