ID

VAR-201709-1083


CVE

CVE-2017-6791


TITLE

Cisco Unified Communications Manager Data processing vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-007990

DESCRIPTION

A vulnerability in the Trust Verification Service (TVS) of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of Transport Layer Security (TLS) traffic by the affected software. An attacker could exploit this vulnerability by generating incomplete traffic streams. A successful exploit could allow the attacker to deny access to the TVS for an affected device, resulting in a DoS condition, until an administrator restarts the service. Known Affected Releases: 10.0(1.10000.24), 10.5(2.10000.5), 11.0(1.10000.10), 9.1(2.10000.28). Cisco Bug IDs: CSCux21905. Cisco Unified Communications Manager contains a data processing vulnerability. The vendor has confirmed this vulnerability and released it as Bug ID CSCux21905. The affected device may be put into a service operation interruption (DoS) state. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution.

Trust: 2.07

sources: NVD: CVE-2017-6791 // JVNDB: JVNDB-2017-007990 // BID: 100662 // VULHUB: VHN-114994 // VULMON: CVE-2017-6791

AFFECTED PRODUCTS

vendor: cisco, model: unified communications manager, scope: eq, version: 11.0\(1.10000.10\)

Trust: 1.6

vendor: cisco, model: unified communications manager, scope: eq, version: 10.5\(2.10000.5\)

Trust: 1.6

vendor: cisco, model: unified communications manager, scope: eq, version: 9.1\(2.10000.28\)

Trust: 1.6

vendor: cisco, model: unified communications manager, scope: eq, version: 10.0\(1.10000.24\)

Trust: 1.6

vendor: cisco, model: unified communications manager, scope: eq, version: 9.1(2.10000.28)

Trust: 1.1

vendor: cisco, model: unified communications manager, scope: eq, version: 11.0(1.10000.10)

Trust: 1.1

vendor: cisco, model: unified communications manager, scope: eq, version: 10.5(2.10000.5)

Trust: 1.1

vendor: cisco, model: unified communications manager, scope: eq, version: 10.0(1.10000.24)

Trust: 1.1

sources: BID: 100662 // JVNDB: JVNDB-2017-007990 // CNNVD: CNNVD-201709-218 // NVD: CVE-2017-6791

CVSS

SEVERITY

nvd@nist.gov: CVE-2017-6791
value: HIGH

Trust: 1.0

NVD: CVE-2017-6791
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201709-218
value: HIGH

Trust: 0.6

VULHUB: VHN-114994
value: MEDIUM

Trust: 0.1

VULMON: CVE-2017-6791
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2017-6791
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-114994
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2017-6791
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-114994 // VULMON: CVE-2017-6791 // JVNDB: JVNDB-2017-007990 // CNNVD: CNNVD-201709-218 // NVD: CVE-2017-6791

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.0

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-19

Trust: 0.9

sources: VULHUB: VHN-114994 // JVNDB: JVNDB-2017-007990 // NVD: CVE-2017-6791

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201709-218

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201709-218

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-007990

PATCH

title: CSCux21905 - TVS thread blocked by incomplete TVS handshake
url: https://quickview.cloudapps.cisco.com/quickview/bug/CSCux21905

Trust: 0.8

title: cisco-sa-20170906-ucm
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-ucm

Trust: 0.8

title: Cisco Unified Communications Manager Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74574

Trust: 0.6

title: Cisco: Cisco Unified Communications Manager Trust Verification Service Denial of Service Vulnerability
url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20170906-ucm

Trust: 0.1

sources: VULMON: CVE-2017-6791 // JVNDB: JVNDB-2017-007990 // CNNVD: CNNVD-201709-218

EXTERNAL IDS

db: NVD, id: CVE-2017-6791

Trust: 2.9

db: BID, id: 100662

Trust: 2.1

db: SECTRACK, id: 1039286

Trust: 1.8

db: JVNDB, id: JVNDB-2017-007990

Trust: 0.8

db: CNNVD, id: CNNVD-201709-218

Trust: 0.6

db: VULHUB, id: VHN-114994

Trust: 0.1

db: VULMON, id: CVE-2017-6791

Trust: 0.1

sources: VULHUB: VHN-114994 // VULMON: CVE-2017-6791 // BID: 100662 // JVNDB: JVNDB-2017-007990 // CNNVD: CNNVD-201709-218 // NVD: CVE-2017-6791

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170906-ucm

Trust: 2.2

url:http://www.securityfocus.com/bid/100662

Trust: 1.9

url:https://quickview.cloudapps.cisco.com/quickview/bug/cscux21905

Trust: 1.8

url:http://www.securitytracker.com/id/1039286

Trust: 1.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6791

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-6791

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

url:http://www.cisco.com/en/us/products/sw/voicesw/ps556/index.html

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-114994 // VULMON: CVE-2017-6791 // BID: 100662 // JVNDB: JVNDB-2017-007990 // CNNVD: CNNVD-201709-218 // NVD: CVE-2017-6791

CREDITS

Cisco

Trust: 0.3

sources: BID: 100662

SOURCES

db: VULHUB, id: VHN-114994
db: VULMON, id: CVE-2017-6791
db: BID, id: 100662
db: JVNDB, id: JVNDB-2017-007990
db: CNNVD, id: CNNVD-201709-218
db: NVD, id: CVE-2017-6791

LAST UPDATE DATE

2024-11-23T22:17:48.391000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-114994, date: 2019-10-09T00:00:00
db: VULMON, id: CVE-2017-6791, date: 2019-10-09T00:00:00
db: BID, id: 100662, date: 2017-09-06T00:00:00
db: JVNDB, id: JVNDB-2017-007990, date: 2017-10-05T00:00:00
db: CNNVD, id: CNNVD-201709-218, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2017-6791, date: 2024-11-21T03:30:32.170

SOURCES RELEASE DATE

db: VULHUB, id: VHN-114994, date: 2017-09-07T00:00:00
db: VULMON, id: CVE-2017-6791, date: 2017-09-07T00:00:00
db: BID, id: 100662, date: 2017-09-06T00:00:00
db: JVNDB, id: JVNDB-2017-007990, date: 2017-10-05T00:00:00
db: CNNVD, id: CNNVD-201709-218, date: 2017-09-11T00:00:00
db: NVD, id: CVE-2017-6791, date: 2017-09-07T21:29:00.800