Details of VAR-201704-0646

ID

VAR-201704-0646

CVE

CVE-2017-3808

TITLE

Cisco Unified Communications Manager Buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-003368

DESCRIPTION

A vulnerability in the Session Initiation Protocol (SIP) UDP throttling process of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate limiting protection. An attacker could exploit this vulnerability by sending the affected device a high rate of SIP messages. An exploit could allow the attacker to cause the device to reload unexpectedly. The device and services will restart automatically. This vulnerability affects Cisco Unified Communications Manager (CallManager) releases prior to the first fixed release; the following list indicates the first minor release that includes the fix for this vulnerability: 10.5.2.14900-16 11.0.1.23900-5 11.5.1.12900-2. Cisco Bug IDs: CSCuz72455. Cisco Unified Communications Manager (Cisco Unified CM) Contains a buffer error vulnerability. Vendors have confirmed this vulnerability Bug ID CSCuz72455 It is released as.Service operation interruption (DoS) An attack may be carried out. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution

Trust: 1.98

sources: NVD: CVE-2017-3808 // JVNDB: JVNDB-2017-003368 // BID: 97922 // VULHUB: VHN-112011

AFFECTED PRODUCTS

vendor:	cisco	model:	unified communications manager	scope:	eq	version:	10.5\(2.12901.1\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	11.5\(0.98000.486\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	10.5\(1.99995.9\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	11.5\(1.2\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	10.5\(0.98000.88\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	11.0\(1.10000.10\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	11.5\(1.10000.6\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	11.5\(0.98000.480\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	10.5\(1.98991.13\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	11.5\(1.11007.2\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	10.0\(1.10000.12\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	10.5\(2.13900.9\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	11.5\(1.12000.1\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	10.5_base	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	11.0\(0.98000.225\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	10.5\(3.10000.9\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	10.0_base	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	11.5\(0.99838.4\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	10.5\(2.10000.5\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	11.5.0	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	11.5(1.10000.6)	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	11.0(1.10000.10)	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	10.5(2.10000.5)	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	ne	version:	11.5(1.12900.2)	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	ne	version:	11.0(1.23900.5)	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	ne	version:	10.5(2.14900.16)	Trust: 0.3

sources: BID: 97922 // JVNDB: JVNDB-2017-003368 // CNNVD: CNNVD-201704-1070 // NVD: CVE-2017-3808

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-3808
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-3808
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201704-1070
value:	HIGH
Trust: 0.6
VULHUB:	VHN-112011
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-3808
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-112011
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-3808
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-112011 // JVNDB: JVNDB-2017-003368 // CNNVD: CNNVD-201704-1070 // NVD: CVE-2017-3808

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-112011 // JVNDB: JVNDB-2017-003368 // NVD: CVE-2017-3808

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-1070

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201704-1070

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-003368

PATCH

title:	cisco-sa-20170419-ucm	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ucm	Trust: 0.8
title:	Cisco Unified Communications Manager Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69462	Trust: 0.6

sources: JVNDB: JVNDB-2017-003368 // CNNVD: CNNVD-201704-1070

EXTERNAL IDS

db:	NVD	id:	CVE-2017-3808	Trust: 2.8
db:	BID	id:	97922	Trust: 1.4
db:	SECTRACK	id:	1038318	Trust: 1.1
db:	JVNDB	id:	JVNDB-2017-003368	Trust: 0.8
db:	CNNVD	id:	CNNVD-201704-1070	Trust: 0.7
db:	NSFOCUS	id:	36493	Trust: 0.6
db:	VULHUB	id:	VHN-112011	Trust: 0.1

sources: VULHUB: VHN-112011 // BID: 97922 // JVNDB: JVNDB-2017-003368 // CNNVD: CNNVD-201704-1070 // NVD: CVE-2017-3808

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170419-ucm	Trust: 2.0
url:	http://www.securityfocus.com/bid/97922	Trust: 1.1
url:	http://www.securitytracker.com/id/1038318	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3808	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-3808	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/36493	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3
url:	http://www.cisco.com/en/us/products/sw/voicesw/ps556/index.html	Trust: 0.3

sources: VULHUB: VHN-112011 // BID: 97922 // JVNDB: JVNDB-2017-003368 // CNNVD: CNNVD-201704-1070 // NVD: CVE-2017-3808

CREDITS

Cisco

Trust: 0.3

sources: BID: 97922

SOURCES

db:	VULHUB	id:	VHN-112011
db:	BID	id:	97922
db:	JVNDB	id:	JVNDB-2017-003368
db:	CNNVD	id:	CNNVD-201704-1070
db:	NVD	id:	CVE-2017-3808

LAST UPDATE DATE

2024-11-23T22:26:47.274000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-112011	date:	2017-07-11T00:00:00
db:	BID	id:	97922	date:	2017-05-02T01:06:00
db:	JVNDB	id:	JVNDB-2017-003368	date:	2017-05-25T00:00:00
db:	CNNVD	id:	CNNVD-201704-1070	date:	2017-04-21T00:00:00
db:	NVD	id:	CVE-2017-3808	date:	2024-11-21T03:26:09.430

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-112011	date:	2017-04-20T00:00:00
db:	BID	id:	97922	date:	2017-04-19T00:00:00
db:	JVNDB	id:	JVNDB-2017-003368	date:	2017-05-25T00:00:00
db:	CNNVD	id:	CNNVD-201704-1070	date:	2017-04-21T00:00:00
db:	NVD	id:	CVE-2017-3808	date:	2017-04-20T22:59:00.277