QID 730225

Date Published: 2021-10-07

QID 730225: Cisco TelePresence Collaboration Endpoint Software Denial of Service (DoS) Vulnerability (cisco-sa-tpce-rmos-mem-dos-rck56tT)

A vulnerability in the memory management of Cisco TelePresence Collaboration Endpoint (CE) Software and
Cisco RoomOS Software could allow an authenticated, local attacker to corrupt a
shared memory segment, resulting in a denial of service (DoS) condition.

Affected Products
This vulnerability affects Cisco devices if they are running a vulnerable release of Cisco TelePresence CE Software or Cisco RoomOS Software.
All versions prior to 10.7.2.
Note: No support for RoomOS.

QID Detection Logic (Unauthenticated):
This QID matches vulnerable versions based on the exposed SIP banner information.

A successful exploit could allow the attacker to cause the device to reload. The device will recover from the corruption upon reboot.

  • CVSS V3 rated as Medium - 3.3 severity.
  • CVSS V2 rated as Low - 2.1 severity.
Solution

Customers are advised to refer to cisco-sa-tpce-rmos-mem-dos-rck56tT for more information.

CVEs related to QID 730225

Software Advisories
Advisory ID: cisco-sa-tpce-rmos-mem-dos-rck56tT
Link: tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tpce-rmos-mem-dos-rck56tT