Vulnerability Name: | CVE-2018-0086 (CCN-137707) | ||||||||||||
Assigned: | 2017-11-27 | ||||||||||||
Published: | 2018-01-17 | ||||||||||||
Updated: | 2019-10-09 | ||||||||||||
Summary: | A vulnerability in the application server of the Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to malformed SIP INVITE traffic received on the CVP during communications with the Cisco Virtualized Voice Browser (VVB). An attacker could exploit this vulnerability by sending malformed SIP INVITE traffic to the targeted appliance. An exploit could allow the attacker to impact the availability of services and data on the device, causing a DoS condition. This vulnerability affects Cisco Unified CVP running any software release prior to 11.6(1). Cisco Bug IDs: CSCve85840. | ||||||||||||
CVSS v3 Severity: | 8.6 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H) 7.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C)
7.5 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C)
| ||||||||||||
CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
| ||||||||||||
Vulnerability Type: | CWE-400 | ||||||||||||
Vulnerability Consequences: | Denial of Service | ||||||||||||
References: | Source: MITRE Type: CNA CVE-2018-0086 Source: BID Type: Third Party Advisory, VDB Entry 102745 Source: CCN Type: BID-102745 Cisco Unified Customer Voice Portal CVE-2018-0086 Denial of Service Vulnerability Source: SECTRACK Type: Third Party Advisory, VDB Entry 1040220 Source: XF Type: UNKNOWN cisco-cvp-cve20180086-dos(137707) Source: CCN Type: Cisco Security Advisory cisco-sa-20180117-cvp Cisco Unified Customer Voice Portal Denial of Service Vulnerability Source: CONFIRM Type: Vendor Advisory https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-cvp | ||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||
BACK |