Details of VAR-201801-1078

ID

VAR-201801-1078

CVE

CVE-2018-0086

TITLE

Cisco Unified Customer Voice Portal Vulnerable to resource exhaustion

Trust: 0.8

sources: JVNDB: JVNDB-2018-001503

DESCRIPTION

A vulnerability in the application server of the Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to malformed SIP INVITE traffic received on the CVP during communications with the Cisco Virtualized Voice Browser (VVB). An attacker could exploit this vulnerability by sending malformed SIP INVITE traffic to the targeted appliance. An exploit could allow the attacker to impact the availability of services and data on the device, causing a DoS condition. This vulnerability affects Cisco Unified CVP running any software release prior to 11.6(1). Cisco Bug IDs: CSCve85840. Vendors have confirmed this vulnerability Bug ID CSCve85840 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. An attacker can exploit this issue to cause denial-of-service conditions. Application server is one of the application servers

Trust: 1.98

sources: NVD: CVE-2018-0086 // JVNDB: JVNDB-2018-001503 // BID: 102745 // VULHUB: VHN-118288

AFFECTED PRODUCTS

vendor:	cisco	model:	unified customer voice portal	scope:	lte	version:	11.5	Trust: 1.0
vendor:	cisco	model:	unified customer voice portal	scope:	eq	version:	11.5	Trust: 0.9
vendor:	cisco	model:	policy suite	scope:	lt	version:	11.6(1)	Trust: 0.8
vendor:	cisco	model:	unified customer voice portal	scope:	eq	version:	11.5(1)	Trust: 0.3
vendor:	cisco	model:	unified customer voice portal	scope:	eq	version:	11.0(1)	Trust: 0.3
vendor:	cisco	model:	unified customer voice portal	scope:	eq	version:	11.0	Trust: 0.3
vendor:	cisco	model:	unified customer voice portal	scope:	ne	version:	11.6(1)	Trust: 0.3

sources: BID: 102745 // JVNDB: JVNDB-2018-001503 // CNNVD: CNNVD-201801-632 // NVD: CVE-2018-0086

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-0086
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-0086
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201801-632
value:	HIGH
Trust: 0.6
VULHUB:	VHN-118288
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-0086
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-118288
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-0086
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	4.0
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-118288 // JVNDB: JVNDB-2018-001503 // CNNVD: CNNVD-201801-632 // NVD: CVE-2018-0086

PROBLEMTYPE DATA

problemtype:

CWE-400

Trust: 1.9

sources: VULHUB: VHN-118288 // JVNDB: JVNDB-2018-001503 // NVD: CVE-2018-0086

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201801-632

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201801-632

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-001503

PATCH

title:	cisco-sa-20180117-cvp	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-cvp	Trust: 0.8
title:	Cisco Unified Customer Voice Portal application server Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77812	Trust: 0.6

sources: JVNDB: JVNDB-2018-001503 // CNNVD: CNNVD-201801-632

EXTERNAL IDS

db:	NVD	id:	CVE-2018-0086	Trust: 2.8
db:	BID	id:	102745	Trust: 2.0
db:	SECTRACK	id:	1040220	Trust: 1.7
db:	JVNDB	id:	JVNDB-2018-001503	Trust: 0.8
db:	CNNVD	id:	CNNVD-201801-632	Trust: 0.7
db:	VULHUB	id:	VHN-118288	Trust: 0.1

sources: VULHUB: VHN-118288 // BID: 102745 // JVNDB: JVNDB-2018-001503 // CNNVD: CNNVD-201801-632 // NVD: CVE-2018-0086

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180117-cvp	Trust: 2.0
url:	http://www.securityfocus.com/bid/102745	Trust: 1.7
url:	http://www.securitytracker.com/id/1040220	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0086	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0086	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-118288 // BID: 102745 // JVNDB: JVNDB-2018-001503 // CNNVD: CNNVD-201801-632 // NVD: CVE-2018-0086

CREDITS

Cisco

Trust: 0.3

sources: BID: 102745

SOURCES

db:	VULHUB	id:	VHN-118288
db:	BID	id:	102745
db:	JVNDB	id:	JVNDB-2018-001503
db:	CNNVD	id:	CNNVD-201801-632
db:	NVD	id:	CVE-2018-0086

LAST UPDATE DATE

2024-11-23T22:22:15.092000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-118288	date:	2019-10-09T00:00:00
db:	BID	id:	102745	date:	2018-01-17T00:00:00
db:	JVNDB	id:	JVNDB-2018-001503	date:	2018-02-22T00:00:00
db:	CNNVD	id:	CNNVD-201801-632	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-0086	date:	2024-11-21T03:37:29.657

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-118288	date:	2018-01-18T00:00:00
db:	BID	id:	102745	date:	2018-01-17T00:00:00
db:	JVNDB	id:	JVNDB-2018-001503	date:	2018-02-22T00:00:00
db:	CNNVD	id:	CNNVD-201801-632	date:	2018-01-22T00:00:00
db:	NVD	id:	CVE-2018-0086	date:	2018-01-18T06:29:00.317