
Cisco ASA Software libSRTP Denial of Service Vulnerability (cisco-sa-20160420-libsrtp) CVE-2015-6360

Severity

CVSSv3 Score: 7.5

Vulnerability description

Cisco released version 1.5.3 of the Secure Real-Time Transport Protocol (SRTP) library (libSRTP), which addresses a denial of service (DoS) vulnerability.

Risk description

The vulnerability is in the encryption processing subsystem of libSRTP and could allow an unauthenticated, remote attacker to trigger a DoS condition. The vulnerability is due to improper input validation of certain fields of SRTP packets. An attacker could exploit this vulnerability by sending a crafted SRTP packet designed to trigger the issue to an affected device.

Recommendation

See the referenced vendor advisory for a solution.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Apr 21, 2016
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available