ID

VAR-201705-3294


CVE

CVE-2017-3825


TITLE

Cisco TelePresence Collaboration Endpoint Software input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-004132

DESCRIPTION

A vulnerability in the ICMP ingress packet processing of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause the TelePresence endpoint to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation for the size of a received ICMP packet. An attacker could exploit this vulnerability by sending a crafted ICMP packet to the local IP address of the targeted endpoint. A successful exploit could allow the attacker to cause a DoS of the TelePresence endpoint, during which time calls could be dropped. This vulnerability would affect either IPv4 or IPv6 ICMP traffic. This vulnerability affects the following Cisco TelePresence products when running software release CE8.1.1, CE8.2.0, CE8.2.1, CE8.2.2, CE8.3.0, or CE8.3.1: Spark Room OS, TelePresence DX Series, TelePresence MX Series, TelePresence SX Quick Set Series, TelePresence SX Series. Cisco Bug IDs: CSCvb95396. The vendor has confirmed this vulnerability and released it as Bug ID CSCvb95396. The affected endpoint may be put into a service interruption (DoS) state. An attacker can exploit this issue to cause a denial of service condition, denying service to legitimate users. Cisco TelePresence DX Series and similar products are video endpoint devices from the US company Cisco. Cisco Spark Room OS is an operating system

Trust: 1.98

sources: NVD: CVE-2017-3825 // JVNDB: JVNDB-2017-004132 // BID: 98293 // VULHUB: VHN-112028

AFFECTED PRODUCTS

vendor: cisco, model: telepresence ce, scope: eq, version: 8.0.0

Trust: 1.6

vendor: cisco, model: telepresence tc, scope: eq, version: 6.3.5

Trust: 1.6

vendor: cisco, model: telepresence tc, scope: eq, version: 6.3.2

Trust: 1.6

vendor: cisco, model: telepresence tc, scope: eq, version: 6.0.2

Trust: 1.6

vendor: cisco, model: telepresence tc, scope: eq, version: 7.1.3

Trust: 1.6

vendor: cisco, model: telepresence tc, scope: eq, version: 6.0.4

Trust: 1.6

vendor: cisco, model: telepresence tc, scope: eq, version: 7.1.1

Trust: 1.6

vendor: cisco, model: telepresence tc, scope: eq, version: 4.2.2

Trust: 1.6

vendor: cisco, model: telepresence tc, scope: eq, version: 4.2.4

Trust: 1.6

vendor: cisco, model: telepresence tc, scope: eq, version: 7.1.4

Trust: 1.6

vendor: cisco, model: telepresence tc, scope: eq, version: 4.2.3

Trust: 1.0

vendor: cisco, model: telepresence tc, scope: eq, version: 7.3.6

Trust: 1.0

vendor: cisco, model: telepresence tc, scope: eq, version: 7.1.2

Trust: 1.0

vendor: cisco, model: telepresence tc, scope: eq, version: 6.3.1

Trust: 1.0

vendor: cisco, model: telepresence tc, scope: eq, version: 4.2.1

Trust: 1.0

vendor: cisco, model: telepresence tc, scope: eq, version: 6.3.3

Trust: 1.0

vendor: cisco, model: telepresence ce, scope: eq, version: 8.2.0

Trust: 1.0

vendor: cisco, model: telepresence tc, scope: eq, version: 4.2.0

Trust: 1.0

vendor: cisco, model: telepresence tc, scope: eq, version: 7.3.7

Trust: 1.0

vendor: cisco, model: telepresence tc, scope: eq, version: 5.1.13

Trust: 1.0

vendor: cisco, model: telepresence tc, scope: eq, version: 6.1.4

Trust: 1.0

vendor: cisco, model: telepresence tc, scope: eq, version: 5.1.11

Trust: 1.0

vendor: cisco, model: telepresence tc, scope: eq, version: 6.1.3

Trust: 1.0

vendor: cisco, model: telepresence ce, scope: eq, version: 8.1.0

Trust: 1.0

vendor: cisco, model: telepresence tc, scope: eq, version: 6.3.4

Trust: 1.0

vendor: cisco, model: telepresence tc, scope: eq, version: 6.0.3

Trust: 1.0

vendor: cisco, model: telepresence ce software, scope: eq, version: 8.1.1

Trust: 0.8

vendor: cisco, model: telepresence ce software, scope: eq, version: 8.2.0

Trust: 0.8

vendor: cisco, model: telepresence ce software, scope: eq, version: 8.2.1

Trust: 0.8

vendor: cisco, model: telepresence ce software, scope: eq, version: 8.2.2

Trust: 0.8

vendor: cisco, model: telepresence ce software, scope: eq, version: 8.3.0

Trust: 0.8

vendor: cisco, model: telepresence ce software, scope: eq, version: 8.3.1

Trust: 0.8

vendor: cisco, model: telepresence sx series, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: telepresence sx quick set series, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: telepresence mx series, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: telepresence integrator c series, scope: eq, version: 8.1.2

Trust: 0.3

vendor: cisco, model: telepresence dx series, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: telepresence collaboration endpoint, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: telepresence ce8.3.1, scope: -, version: -

Trust: 0.3

vendor: cisco, model: telepresence ce8.2.2, scope: -, version: -

Trust: 0.3

vendor: cisco, model: telepresence ce8.2.1, scope: -, version: -

Trust: 0.3

vendor: cisco, model: telepresence ce8.2.0, scope: -, version: -

Trust: 0.3

vendor: cisco, model: telepresence ce8.1.1, scope: -, version: -

Trust: 0.3

vendor: cisco, model: spark room os, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: telepresence integrator c series, scope: ne, version: 9.0.1

Trust: 0.3

vendor: cisco, model: telepresence integrator c series, scope: ne, version: 8.3.2

Trust: 0.3

vendor: cisco, model: telepresence collaboration endpoint, scope: ne, version: 8.3.2

Trust: 0.3

sources: BID: 98293 // JVNDB: JVNDB-2017-004132 // CNNVD: CNNVD-201705-268 // NVD: CVE-2017-3825

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-3825
value: HIGH

Trust: 1.0

NVD: CVE-2017-3825
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201705-268
value: MEDIUM

Trust: 0.6

VULHUB: VHN-112028
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-3825
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-112028
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-3825
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-112028 // JVNDB: JVNDB-2017-004132 // CNNVD: CNNVD-201705-268 // NVD: CVE-2017-3825

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-112028 // JVNDB: JVNDB-2017-004132 // NVD: CVE-2017-3825

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201705-268

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201705-268

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-004132

PATCH

title: cisco-sa-20170503-ctp, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-ctp

Trust: 0.8

title: Multiple Cisco product TelePresence Collaboration Endpoint Software Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69872

Trust: 0.6

sources: JVNDB: JVNDB-2017-004132 // CNNVD: CNNVD-201705-268

EXTERNAL IDS

db: NVD, id: CVE-2017-3825

Trust: 2.8

db: BID, id: 98293

Trust: 2.0

db: SECTRACK, id: 1038392

Trust: 1.1

db: JVNDB, id: JVNDB-2017-004132

Trust: 0.8

db: CNNVD, id: CNNVD-201705-268

Trust: 0.7

db: NSFOCUS, id: 36612

Trust: 0.6

db: VULHUB, id: VHN-112028

Trust: 0.1

sources: VULHUB: VHN-112028 // BID: 98293 // JVNDB: JVNDB-2017-004132 // CNNVD: CNNVD-201705-268 // NVD: CVE-2017-3825

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170503-ctp

Trust: 2.0

url:http://www.securityfocus.com/bid/98293

Trust: 1.7

url:http://www.securitytracker.com/id/1038392

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3825

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-3825

Trust: 0.8

url:http://www.nsfocus.net/vulndb/36612

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-112028 // BID: 98293 // JVNDB: JVNDB-2017-004132 // CNNVD: CNNVD-201705-268 // NVD: CVE-2017-3825

CREDITS

Cisco

Trust: 0.9

sources: BID: 98293 // CNNVD: CNNVD-201705-268

SOURCES

db: VULHUB, id: VHN-112028
db: BID, id: 98293
db: JVNDB, id: JVNDB-2017-004132
db: CNNVD, id: CNNVD-201705-268
db: NVD, id: CVE-2017-3825

LAST UPDATE DATE

2024-11-23T22:34:38.749000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-112028, date: 2017-07-11T00:00:00
db: BID, id: 98293, date: 2017-05-23T16:23:00
db: JVNDB, id: JVNDB-2017-004132, date: 2017-06-16T00:00:00
db: CNNVD, id: CNNVD-201705-268, date: 2017-05-09T00:00:00
db: NVD, id: CVE-2017-3825, date: 2024-11-21T03:26:11.413

SOURCES RELEASE DATE

db: VULHUB, id: VHN-112028, date: 2017-05-16T00:00:00
db: BID, id: 98293, date: 2017-05-03T00:00:00
db: JVNDB, id: JVNDB-2017-004132, date: 2017-06-16T00:00:00
db: CNNVD, id: CNNVD-201705-268, date: 2017-05-09T00:00:00
db: NVD, id: CVE-2017-3825, date: 2017-05-16T17:29:00.183