Details of VAR-201802-0604

ID

VAR-201802-0604

CVE

CVE-2018-0139

TITLE

Cisco Unified Customer Voice Portal Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-002415

DESCRIPTION

A vulnerability in the Interactive Voice Response (IVR) management connection interface for Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to cause the IVR connection to disconnect, creating a system-wide denial of service (DoS) condition. The vulnerability is due to improper handling of a TCP connection request when the IVR connection is already established. An attacker could exploit this vulnerability by initiating a crafted connection to the IP address of the targeted CVP device. An exploit could allow the attacker to disconnect the IVR to CVP connection, creating a DoS condition that prevents the CVP from accepting new, incoming calls while the IVR automatically attempts to re-establish the connection to the CVP. This vulnerability affects Cisco Unified Customer Voice Portal (CVP) Software Release 11.5(1). Cisco Bug IDs: CSCve70560. Vendors have confirmed this vulnerability Bug ID CSCve70560 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. Successfully exploiting this issue allows remote attackers to cause denial-of-service conditions

Trust: 1.98

sources: NVD: CVE-2018-0139 // JVNDB: JVNDB-2018-002415 // BID: 103124 // VULHUB: VHN-118341

AFFECTED PRODUCTS

vendor:	cisco	model:	unified customer voice portal	scope:	eq	version:	11.6	Trust: 1.9
vendor:	cisco	model:	unified customer voice portal	scope:	eq	version:	11.5\(1\)	Trust: 1.6
vendor:	cisco	model:	unified customer voice portal	scope:	eq	version:	11.5(1)	Trust: 1.1
vendor:	cisco	model:	unified customer voice portal	scope:	ne	version:	11.6(1)	Trust: 0.3

sources: BID: 103124 // JVNDB: JVNDB-2018-002415 // CNNVD: CNNVD-201802-439 // NVD: CVE-2018-0139

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-0139
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-0139
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201802-439
value:	HIGH
Trust: 0.6
VULHUB:	VHN-118341
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-0139
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-118341
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-0139
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	4.0
version:	3.1
Trust: 1.0
NVD:	CVE-2018-0139
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-118341 // JVNDB: JVNDB-2018-002415 // CNNVD: CNNVD-201802-439 // NVD: CVE-2018-0139

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.9
problemtype:	NVD-CWE-Other	Trust: 1.0

sources: VULHUB: VHN-118341 // JVNDB: JVNDB-2018-002415 // NVD: CVE-2018-0139

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201802-439

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201802-439

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-002415

PATCH

title:

cisco-sa-20180221-cvp

url:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-cvp

Trust: 0.8

sources: JVNDB: JVNDB-2018-002415

EXTERNAL IDS

db:	NVD	id:	CVE-2018-0139	Trust: 2.8
db:	BID	id:	103124	Trust: 2.0
db:	SECTRACK	id:	1040414	Trust: 1.7
db:	JVNDB	id:	JVNDB-2018-002415	Trust: 0.8
db:	CNNVD	id:	CNNVD-201802-439	Trust: 0.7
db:	VULHUB	id:	VHN-118341	Trust: 0.1

sources: VULHUB: VHN-118341 // BID: 103124 // JVNDB: JVNDB-2018-002415 // CNNVD: CNNVD-201802-439 // NVD: CVE-2018-0139

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180221-cvp	Trust: 2.0
url:	http://www.securityfocus.com/bid/103124	Trust: 1.7
url:	http://www.securitytracker.com/id/1040414	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0139	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0139	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-118341 // BID: 103124 // JVNDB: JVNDB-2018-002415 // CNNVD: CNNVD-201802-439 // NVD: CVE-2018-0139

CREDITS

Cisco

Trust: 0.3

sources: BID: 103124

SOURCES

db:	VULHUB	id:	VHN-118341
db:	BID	id:	103124
db:	JVNDB	id:	JVNDB-2018-002415
db:	CNNVD	id:	CNNVD-201802-439
db:	NVD	id:	CVE-2018-0139

LAST UPDATE DATE

2024-11-23T22:38:16.430000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-118341	date:	2020-09-04T00:00:00
db:	BID	id:	103124	date:	2018-02-21T00:00:00
db:	JVNDB	id:	JVNDB-2018-002415	date:	2018-04-11T00:00:00
db:	CNNVD	id:	CNNVD-201802-439	date:	2020-09-07T00:00:00
db:	NVD	id:	CVE-2018-0139	date:	2024-11-21T03:37:35.830

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-118341	date:	2018-02-22T00:00:00
db:	BID	id:	103124	date:	2018-02-21T00:00:00
db:	JVNDB	id:	JVNDB-2018-002415	date:	2018-04-11T00:00:00
db:	CNNVD	id:	CNNVD-201802-439	date:	2018-02-22T00:00:00
db:	NVD	id:	CVE-2018-0139	date:	2018-02-22T00:29:00.377