Lucene search

[email protected]CVE-2018-0086

HistoryJan 18, 2018 - 6:29 a.m.

CVE-2018-0086

2018-01-1806:29:00

CWE-400

[email protected]

web.nvd.nist.gov

cve-2018-0086

cisco

unified cvp

vulnerability

denial of service

dos

sip invite

cisco bug ids

cscve85840

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

8.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

62.0%

JSON

A vulnerability in the application server of the Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to malformed SIP INVITE traffic received on the CVP during communications with the Cisco Virtualized Voice Browser (VVB). An attacker could exploit this vulnerability by sending malformed SIP INVITE traffic to the targeted appliance. An exploit could allow the attacker to impact the availability of services and data on the device, causing a DoS condition. This vulnerability affects Cisco Unified CVP running any software release prior to 11.6(1). Cisco Bug IDs: CSCve85840.

Affected configurations

NVD

Node

ciscounified_customer_voice_portalRange≤11.5

CPENameOperatorVersion
cisco:unified_customer_voice_portalcisco unified customer voice portalle11.5

CPE	Name	Operator	Version
cisco:unified_customer_voice_portal	cisco unified customer voice portal	le	11.5

CNA Affected

[
  {
    "product": "Cisco Unified Customer Voice Portal",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco Unified Customer Voice Portal"
      }
    ]
  }
]

References

www.securityfocus.com/bid/102745

www.securitytracker.com/id/1040220

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-cvp

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

8.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

62.0%

JSON

Related for CVE-2018-0086

nvd1 cisco1 prion1 cvelist1