CVE-2003-0556

Polycom MGC 25 allows remote attackers to cause a denial of service (crash) via a large number of "user" requests to the control port 5003, as demonstrated using the blast TCP stress tester.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006494.html
http://marc.info/?l=bugtraq&m=105804648003163&w=2
http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006494.html
http://marc.info/?l=bugtraq&m=105804648003163&w=2

Configurations

Configuration 1 (hide)

OR	cpe:2.3:h:polycom:mgc-100::::::::
	cpe:2.3:h:polycom:mgc-25:5.51.21:::::::*
	cpe:2.3:h:polycom:mgc-25:5.51.211:::::::*
	cpe:2.3:h:polycom:mgc-50::::::::

History

20 Nov 2024, 23:45

Type	Values Removed	Values Added
References	~~() http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006494.html -~~	() http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006494.html -
References	~~() http://marc.info/?l=bugtraq&m=105804648003163&w=2 -~~	() http://marc.info/?l=bugtraq&m=105804648003163&w=2 -

Information

Published : 2003-08-18 04:00

Updated : 2024-11-20 23:45

NVD link : CVE-2003-0556

Mitre link : CVE-2003-0556

CVE.ORG link : CVE-2003-0556

JSON object : View

Products Affected

polycom

mgc-50
mgc-100
mgc-25

CWE

NVD-CWE-Other

{"id": "CVE-2003-0556", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2003-08-18T04:00:00.000", "references": [{"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006494.html", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=105804648003163&w=2", "source": "cve@mitre.org"}, {"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006494.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://marc.info/?l=bugtraq&m=105804648003163&w=2", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Polycom MGC 25 allows remote attackers to cause a denial of service (crash) via a large number of \"user\" requests to the control port 5003, as demonstrated using the blast TCP stress tester."}, {"lang": "es", "value": "Polycom MGC 25 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) mediante un n\u00famero largo de peticiones \"user\" al puerto de control 5003, como se ha demostrado usando el probador de estr\u00e9s blast TCP."}], "lastModified": "2024-11-20T23:45:00.763", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:polycom:mgc-100:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A63CAFB2-850D-44B8-98E9-9C76D21C2F06"}, {"criteria": "cpe:2.3:h:polycom:mgc-25:5.51.21:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D4BC2C08-FDE4-4A56-9686-DF3EC0498815"}, {"criteria": "cpe:2.3:h:polycom:mgc-25:5.51.211:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30493D86-030F-4DFD-8CA9-0AC1A1FE6386"}, {"criteria": "cpe:2.3:h:polycom:mgc-50:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "780BE72A-038A-413E-8D79-7E80F731FCBE"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}