Vulnerability CVE-2007-0198 - CERT Civis.Net

Vulnerability Name:

CVE-2007-0198 (CCN-31396)

Assigned:

2007-01-10

Published:

2007-01-10

Updated:

2011-03-08

Summary:

The JTapi Gateway process in Cisco Unified Contact Center Enterprise, Unified Contact Center Hosted, IP Contact Center Enterprise, and Cisco IP Contact Center Hosted 5.0 through 7.1 allows remote attackers to cause a denial of service (repeated process restart) via a certain TCP session on the JTapi server port.

CVSS v3 Severity:

5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

5.4 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:C)
4.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2007-0198

Source: OSVDB
Type: UNKNOWN
32682

Source: CCN
Type: SA23710
Cisco Multiple Products JTapi Gateway Denial Of Service

Source: SECUNIA
Type: UNKNOWN
23710

Source: CCN
Type: SECTRACK ID: 1017499
Cisco Unified Contact Center JTapi Gateway Can Be Restarted By Remote Users

Source: SECTRACK
Type: UNKNOWN
1017499

Source: CCN
Type: cisco-sa-20070110-jtapi
Cisco Security Advisory: Cisco Unified Contact Center and IP Contact Center JTapi Gateway Vulnerability

Source: CISCO
Type: Patch, Vendor Advisory
20070110 Cisco Unified Contact Center and IP Contact Center JTapi Gateway Vulnerability

Source: CCN
Type: OSVDB ID: 32682
Cisco Contact Center JTapi Gateway Process Crafted Session Remote DoS

Source: BID
Type: UNKNOWN
21988

Source: CCN
Type: BID-21988
Cisco Unified Contact Center and IP Contact Center JTapi Gateway Denial of Service Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2007-0138

Source: XF
Type: UNKNOWN
cisco-unified-jtapi-dos(31396)

Vulnerable Configuration:

Configuration 1:

cpe:/a:cisco:ip_contact_center_enterprise:5.0:*:*:*:*:*:*:*

OR cpe:/a:cisco:ip_contact_center_enterprise:*:*:*:*:*:*:*:* (Version <= 7.1)

OR cpe:/a:cisco:ip_contact_center_hosted:5.0:*:*:*:*:*:*:*

OR cpe:/a:cisco:ip_contact_center_hosted:*:*:*:*:*:*:*:* (Version <= 7.1)

OR cpe:/a:cisco:unified_contact_center_enterprise:5.0:*:*:*:*:*:*:*

OR cpe:/a:cisco:unified_contact_center_enterprise:*:*:*:*:*:*:*:* (Version <= 7.1)

OR cpe:/a:cisco:unified_contact_center_hosted:5.0:*:*:*:*:*:*:*

OR cpe:/a:cisco:unified_contact_center_hosted:*:*:*:*:*:*:*:* (Version <= 7.1)

Configuration CCN 1:

cpe:/a:cisco:ip_contact_center_enterprise:5.0:*:*:*:*:*:*:*

OR cpe:/a:cisco:ip_contact_center_enterprise:7.1:*:*:*:*:*:*:*

OR cpe:/a:cisco:ip_contact_center_hosted:5.0:*:*:*:*:*:*:*

OR cpe:/a:cisco:ip_contact_center_hosted:7.1:*:*:*:*:*:*:*

OR cpe:/a:cisco:unified_contact_center_enterprise:7.1:*:*:*:*:*:*:*

OR cpe:/a:cisco:unified_contact_center_enterprise:7.0(0):sr1:*:*:*:*:*:*

OR cpe:/a:cisco:unified_contact_center_enterprise:6.0(0):sr1:*:*:*:*:*:*

OR cpe:/a:cisco:unified_contact_center_enterprise:5.0:*:*:*:*:*:*:*

OR cpe:/a:cisco:unified_contact_center_hosted:7.1:*:*:*:*:*:*:*

OR cpe:/a:cisco:unified_contact_center_hosted:5.0:*:*:*:*:*:*:*

Denotes that component is vulnerable