Sign-up

ID

VAR-200701-0062


CVE

CVE-2007-0198


TITLE

Cisco Unified Contact Center Enterprise of JTapi Gateway Service disruption in the process (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2007-001375

DESCRIPTION

The JTapi Gateway process in Cisco Unified Contact Center Enterprise, Unified Contact Center Hosted, IP Contact Center Enterprise, and Cisco IP Contact Center Hosted 5.0 through 7.1 allows remote attackers to cause a denial of service (repeated process restart) via a certain TCP session on the JTapi server port. An attacker can exploit this issue to cause the vulnerable JTapi Gateway service to restart. Since the restart process can take several minutes, no new connections will be processed during that time, which effectively means a denial of service for legitimate users. If the system is deployed in a redundant manner, the redundant system will take over to prevent loss of service, but the JTapi gateway process can also be restarted in the redundant system by exploiting the same vulnerability. An attacker must be able to complete a triple TCP handshake to the JTapi server port to exploit this vulnerability. This port number depends on how the product is deployed and whether redundant servers exist. You can determine the port number by querying the jtapiServerPortNumber value in the Windows registry: * HKEY_LOCAL_MACHINE\SOFTWARE\Cisco Systems, Inc.\ICM\[instanceName]\PG[Number][A/B]\PG\CurrentVersion\JGWS\jgw[number ]\JGWData\Config

Trust: 1.98

sources: NVD: CVE-2007-0198 // JVNDB: JVNDB-2007-001375 // BID: 21988 // VULHUB: VHN-23560

AFFECTED PRODUCTS

vendor:ciscomodel:unified contact center enterprisescope:eqversion:5.0

Trust: 1.6

vendor:ciscomodel:ip contact center hostedscope:eqversion:5.0

Trust: 1.6

vendor:ciscomodel:unified contact center hostedscope:eqversion:5.0

Trust: 1.6

vendor:ciscomodel:ip contact center enterprisescope:eqversion:5.0

Trust: 1.6

vendor:ciscomodel:ip contact center hostedscope:lteversion:7.1

Trust: 1.0

vendor:ciscomodel:unified contact center enterprisescope:lteversion:7.1

Trust: 1.0

vendor:ciscomodel:ip contact center enterprisescope:lteversion:7.1

Trust: 1.0

vendor:ciscomodel:unified contact center hostedscope:lteversion:7.1

Trust: 1.0

vendor:ciscomodel:unified contact center enterprisescope:eqversion:5.0 to 7.1

Trust: 0.8

vendor:ciscomodel:ip contact center enterprisescope:eqversion:5.0 to 7.1

Trust: 0.8

vendor:ciscomodel:ip contact center hostedscope:eqversion:5.0 to 7.1

Trust: 0.8

vendor:ciscomodel:unified contact center hostedscope:eqversion:5.0 to 7.1

Trust: 0.8

vendor:ciscomodel:ip contact center enterprisescope:eqversion:7.1

Trust: 0.6

vendor:ciscomodel:unified contact center enterprisescope:eqversion:7.1

Trust: 0.6

vendor:ciscomodel:unified contact center hostedscope:eqversion:7.1

Trust: 0.6

vendor:ciscomodel:ip contact center hostedscope:eqversion:7.1

Trust: 0.6

vendor:ciscomodel:unified contact center hostedscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:unified contact center enterprisescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:ip contact center hostedscope: - version: -

Trust: 0.3

vendor:ciscomodel:ip contact center enterprisescope: - version: -

Trust: 0.3

vendor:ciscomodel:icm hosted editionscope: - version: -

Trust: 0.3

vendor:ciscomodel:icm enterprise editionscope: - version: -

Trust: 0.3

vendor:ciscomodel:unified intelligent contact management hostedscope:neversion:0

Trust: 0.3

vendor:ciscomodel:unified intelligent contact management enterprisescope:neversion:0

Trust: 0.3

vendor:ciscomodel:unified contact center expressscope:neversion:0

Trust: 0.3

vendor:ciscomodel:ip contact center expressscope:neversion: -

Trust: 0.3

sources: BID: 21988 // JVNDB: JVNDB-2007-001375 // CNNVD: CNNVD-200701-137 // NVD: CVE-2007-0198

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-0198
value: MEDIUM

Trust: 1.0

NVD: CVE-2007-0198
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200701-137
value: MEDIUM

Trust: 0.6

VULHUB: VHN-23560
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2007-0198
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-23560
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-23560 // JVNDB: JVNDB-2007-001375 // CNNVD: CNNVD-200701-137 // NVD: CVE-2007-0198

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-0198

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200701-137

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200701-137

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2007-001375

PATCH
title:cisco-sa-20070110-jtapiurl:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20070110-jtapi
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2007-001375

EXTERNAL IDS
db:NVDid:CVE-2007-0198
Trust: 2.5
db:BIDid:21988
Trust: 2.0
db:SECTRACKid:1017499
Trust: 1.7
db:SECUNIAid:23710
Trust: 1.7
db:OSVDBid:32682
Trust: 1.7
db:VUPENid:ADV-2007-0138
Trust: 1.7
db:JVNDBid:JVNDB-2007-001375
Trust: 0.8
db:CNNVDid:CNNVD-200701-137
Trust: 0.7
db:CISCOid:20070110 CISCO UNIFIED CONTACT CENTER AND IP CONTACT CENTER JTAPI GATEWAY VULNERABILITY
Trust: 0.6
db:VULHUBid:VHN-23560
Trust: 0.1
sources:
            
            
            VULHUB: VHN-23560 // 
            
            
            
            BID: 21988 // 
            
            
            
            JVNDB: JVNDB-2007-001375 // 
            
            
            
            CNNVD: CNNVD-200701-137 // 
            
            
            
            NVD: CVE-2007-0198

REFERENCES
url:http://www.cisco.com/warp/public/707/cisco-sa-20070110-jtapi.shtml
Trust: 2.0
url:http://www.securityfocus.com/bid/21988
Trust: 1.7
url:http://osvdb.org/32682
Trust: 1.7
url:http://securitytracker.com/id?1017499
Trust: 1.7
url:http://secunia.com/advisories/23710
Trust: 1.7
url:http://www.vupen.com/english/advisories/2007/0138
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0198
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-0198
Trust: 0.8
url:http://www.frsirt.com/english/advisories/2007/0138
Trust: 0.6
url:/archive/1/456499
Trust: 0.3
sources:
            
            
            VULHUB: VHN-23560 // 
            
            
            
            BID: 21988 // 
            
            
            
            JVNDB: JVNDB-2007-001375 // 
            
            
            
            CNNVD: CNNVD-200701-137 // 
            
            
            
            NVD: CVE-2007-0198

CREDITS
Cisco Security bulletin
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200701-137

SOURCES
db:VULHUBid:VHN-23560
db:BIDid:21988
db:JVNDBid:JVNDB-2007-001375
db:CNNVDid:CNNVD-200701-137
db:NVDid:CVE-2007-0198

LAST UPDATE DATE
2024-11-23T22:54:10.762000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-23560date:2011-03-08T00:00:00
db:BIDid:21988date:2007-01-29T23:39:00
db:JVNDBid:JVNDB-2007-001375date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200701-137date:2007-01-14T00:00:00
db:NVDid:CVE-2007-0198date:2024-11-21T00:25:13.807

SOURCES RELEASE DATE
db:VULHUBid:VHN-23560date:2007-01-11T00:00:00
db:BIDid:21988date:2007-01-10T00:00:00
db:JVNDBid:JVNDB-2007-001375date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200701-137date:2007-01-11T00:00:00
db:NVDid:CVE-2007-0198date:2007-01-11T11:28:00