Lucene search

MitreCVE-2017-14114

HistorySep 02, 2017 - 4:29 p.m.

CVE-2017-14114

2017-09-0216:29:00

CWE-200

mitre

web.nvd.nist.gov

rtpproxy

nat feature

vulnerability

cve-2017-14114

rtp traffic

remote attackers

denial of service

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

AI Score

6.5

Confidence

High

EPSS

0.002

Percentile

55.6%

JSON

RTPproxy through 2.2.alpha.20160822 has a NAT feature that results in not properly determining the IP address and port number of the legitimate recipient of RTP traffic, which allows remote attackers to obtain sensitive information or cause a denial of service (communication outage) via crafted RTP packets.

Affected configurations

Nvd

Node

rtpproxyrtpproxyRange≤2.2alpha.20160822

VendorProductVersionCPE
rtpproxyrtpproxy*cpe:2.3:a:rtpproxy:rtpproxy:*:alpha.20160822:*:*:*:*:*:*

Vendor	Product	Version	CPE
rtpproxy	rtpproxy	*	cpe:2.3:a:rtpproxy:rtpproxy::alpha.20160822::::::*

References

rtpbleed.com

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

AI Score

6.5

Confidence

High

EPSS

0.002

Percentile

55.6%

JSON

Related for CVE-2017-14114