Details of VAR-201710-0657

ID

VAR-201710-0657

CVE

CVE-2017-12287

TITLE

Cisco Expressway Series and TelePresence Video Communication Server Software management resource management vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-009447

DESCRIPTION

A vulnerability in the cluster database (CDB) management component of Cisco Expressway Series Software and Cisco TelePresence Video Communication Server (VCS) Software could allow an authenticated, remote attacker to cause the CDB process on an affected system to restart unexpectedly, resulting in a temporary denial of service (DoS) condition. The vulnerability is due to incomplete input validation of URL requests by the REST API of the affected software. An attacker could exploit this vulnerability by sending a crafted URL to the REST API of the affected software on an affected system. A successful exploit could allow the attacker to cause the CDB process on the affected system to restart unexpectedly, resulting in a temporary DoS condition. Cisco Bug IDs: CSCve77571. Vendors have confirmed this vulnerability Bug ID CSCve77571 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. Clusterdatabase (CDB) management is one of the cluster database management components

Trust: 2.52

sources: NVD: CVE-2017-12287 // JVNDB: JVNDB-2017-009447 // CNVD: CNVD-2017-32119 // BID: 101525 // VULHUB: VHN-102794

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-32119

AFFECTED PRODUCTS

vendor:	cisco	model:	expressway	scope:	-	version:	-	Trust: 1.4
vendor:	cisco	model:	telepresence conductor	scope:	-	version:	-	Trust: 1.4
vendor:	cisco	model:	telepresence video communication server	scope:	-	version:	-	Trust: 1.2
vendor:	cisco	model:	telepresence video communication server	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	telepresence conductor	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	expressway	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	telepresence video communication server software	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	expressway series software	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	telepresence video communication server	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	telepresence conductor	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	expressway series	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2017-32119 // BID: 101525 // JVNDB: JVNDB-2017-009447 // CNNVD: CNNVD-201710-881 // NVD: CVE-2017-12287

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-12287
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-12287
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2017-32119
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201710-881
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-102794
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-12287
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-32119
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-102794
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-12287
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-32119 // VULHUB: VHN-102794 // JVNDB: JVNDB-2017-009447 // CNNVD: CNNVD-201710-881 // NVD: CVE-2017-12287

PROBLEMTYPE DATA

problemtype:	CWE-399	Trust: 1.9
problemtype:	CWE-20	Trust: 1.1

sources: VULHUB: VHN-102794 // JVNDB: JVNDB-2017-009447 // NVD: CVE-2017-12287

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201710-881

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201710-881

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-009447

PATCH

title:	cisco-sa-20171018-expressway-tp-vcs	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-expressway-tp-vcs	Trust: 0.8
title:	Patch for Cisco ExpresswaySeries and Cisco TelePresence Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/105070	Trust: 0.6
title:	Cisco Expressway Series Software and Cisco TelePresence Video Communication Server Software cluster database management Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75863	Trust: 0.6

sources: CNVD: CNVD-2017-32119 // JVNDB: JVNDB-2017-009447 // CNNVD: CNNVD-201710-881

EXTERNAL IDS

db:	NVD	id:	CVE-2017-12287	Trust: 3.4
db:	BID	id:	101525	Trust: 2.6
db:	SECTRACK	id:	1039626	Trust: 2.3
db:	JVNDB	id:	JVNDB-2017-009447	Trust: 0.8
db:	CNNVD	id:	CNNVD-201710-881	Trust: 0.7
db:	CNVD	id:	CNVD-2017-32119	Trust: 0.6
db:	VULHUB	id:	VHN-102794	Trust: 0.1

sources: CNVD: CNVD-2017-32119 // VULHUB: VHN-102794 // BID: 101525 // JVNDB: JVNDB-2017-009447 // CNNVD: CNNVD-201710-881 // NVD: CVE-2017-12287

REFERENCES

url:	http://www.securityfocus.com/bid/101525	Trust: 2.3
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171018-expressway-tp-vcs	Trust: 2.0
url:	http://www.securitytracker.com/id/1039626	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12287	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-12287	Trust: 0.8
url:	https://securitytracker.com/id/1039626	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2017-32119 // VULHUB: VHN-102794 // BID: 101525 // JVNDB: JVNDB-2017-009447 // CNNVD: CNNVD-201710-881 // NVD: CVE-2017-12287

CREDITS

Cisco

Trust: 0.3

sources: BID: 101525

SOURCES

db:	CNVD	id:	CNVD-2017-32119
db:	VULHUB	id:	VHN-102794
db:	BID	id:	101525
db:	JVNDB	id:	JVNDB-2017-009447
db:	CNNVD	id:	CNNVD-201710-881
db:	NVD	id:	CVE-2017-12287

LAST UPDATE DATE

2024-11-23T22:45:35.136000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-32119	date:	2017-10-31T00:00:00
db:	VULHUB	id:	VHN-102794	date:	2019-10-09T00:00:00
db:	BID	id:	101525	date:	2017-12-19T22:00:00
db:	JVNDB	id:	JVNDB-2017-009447	date:	2017-11-13T00:00:00
db:	CNNVD	id:	CNNVD-201710-881	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2017-12287	date:	2024-11-21T03:09:14.237

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-32119	date:	2017-10-31T00:00:00
db:	VULHUB	id:	VHN-102794	date:	2017-10-19T00:00:00
db:	BID	id:	101525	date:	2017-10-18T00:00:00
db:	JVNDB	id:	JVNDB-2017-009447	date:	2017-11-13T00:00:00
db:	CNNVD	id:	CNNVD-201710-881	date:	2017-10-23T00:00:00
db:	NVD	id:	CVE-2017-12287	date:	2017-10-19T08:29:00.530