Details of VAR-201708-1342

ID

VAR-201708-1342

CVE

CVE-2017-6790

TITLE

Cisco TelePresence Video Communication Server Resource management vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-007197

DESCRIPTION

A vulnerability in the Session Initiation Protocol (SIP) on the Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the targeted appliance. The vulnerability is due to excessive SIP traffic sent to the device. An attacker could exploit this vulnerability by transmitting large volumes of SIP traffic to the VCS. An exploit could allow the attacker to cause a complete DoS condition on the targeted system. Cisco Bug IDs: CSCve32897. Vendors have confirmed this vulnerability Bug ID CSCve32897 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. Session Initiation Protocol (SIP) is one of the session initiation protocols

Trust: 1.98

sources: NVD: CVE-2017-6790 // JVNDB: JVNDB-2017-007197 // BID: 100369 // VULHUB: VHN-114993

AFFECTED PRODUCTS

vendor:	cisco	model:	telepresence video communication server	scope:	eq	version:	x8.7	Trust: 1.6
vendor:	cisco	model:	telepresence video communication server	scope:	eq	version:	x8.8	Trust: 1.6
vendor:	cisco	model:	telepresence video communication server	scope:	eq	version:	x8.9	Trust: 1.6
vendor:	cisco	model:	telepresence video communication server	scope:	eq	version:	x8.7.1	Trust: 1.6
vendor:	cisco	model:	telepresence video communication server	scope:	eq	version:	x8.7.2	Trust: 1.6
vendor:	cisco	model:	telepresence video communication server	scope:	eq	version:	x8.7.3	Trust: 1.6
vendor:	cisco	model:	telepresence video communication server	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	telepresence video communication server	scope:	eq	version:	0	Trust: 0.3

sources: BID: 100369 // JVNDB: JVNDB-2017-007197 // CNNVD: CNNVD-201708-797 // NVD: CVE-2017-6790

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-6790
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-6790
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201708-797
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-114993
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-6790
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-114993
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-6790
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	4.0
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-114993 // JVNDB: JVNDB-2017-007197 // CNNVD: CNNVD-201708-797 // NVD: CVE-2017-6790

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-399	Trust: 0.9

sources: VULHUB: VHN-114993 // JVNDB: JVNDB-2017-007197 // NVD: CVE-2017-6790

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201708-797

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201708-797

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-007197

PATCH

title:	cisco-sa-20170816-vcs	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-vcs	Trust: 0.8
title:	Cisco TelePresence Video Communication Server Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74113	Trust: 0.6

sources: JVNDB: JVNDB-2017-007197 // CNNVD: CNNVD-201708-797

EXTERNAL IDS

db:	NVD	id:	CVE-2017-6790	Trust: 2.8
db:	BID	id:	100369	Trust: 2.0
db:	SECTRACK	id:	1039185	Trust: 1.7
db:	JVNDB	id:	JVNDB-2017-007197	Trust: 0.8
db:	CNNVD	id:	CNNVD-201708-797	Trust: 0.7
db:	VULHUB	id:	VHN-114993	Trust: 0.1

sources: VULHUB: VHN-114993 // BID: 100369 // JVNDB: JVNDB-2017-007197 // CNNVD: CNNVD-201708-797 // NVD: CVE-2017-6790

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170816-vcs	Trust: 2.0
url:	http://www.securityfocus.com/bid/100369	Trust: 1.7
url:	http://www.securitytracker.com/id/1039185	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6790	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-6790	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-114993 // BID: 100369 // JVNDB: JVNDB-2017-007197 // CNNVD: CNNVD-201708-797 // NVD: CVE-2017-6790

CREDITS

Cisco

Trust: 0.3

sources: BID: 100369

SOURCES

db:	VULHUB	id:	VHN-114993
db:	BID	id:	100369
db:	JVNDB	id:	JVNDB-2017-007197
db:	CNNVD	id:	CNNVD-201708-797
db:	NVD	id:	CVE-2017-6790

LAST UPDATE DATE

2024-11-23T23:02:22.379000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-114993	date:	2019-10-03T00:00:00
db:	BID	id:	100369	date:	2017-08-16T00:00:00
db:	JVNDB	id:	JVNDB-2017-007197	date:	2017-09-13T00:00:00
db:	CNNVD	id:	CNNVD-201708-797	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-6790	date:	2024-11-21T03:30:32.043

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-114993	date:	2017-08-17T00:00:00
db:	BID	id:	100369	date:	2017-08-16T00:00:00
db:	JVNDB	id:	JVNDB-2017-007197	date:	2017-09-13T00:00:00
db:	CNNVD	id:	CNNVD-201708-797	date:	2017-08-18T00:00:00
db:	NVD	id:	CVE-2017-6790	date:	2017-08-17T20:29:00.947