ID

VAR-202002-0692


CVE

CVE-2020-3163


TITLE

Cisco Unified Contact Center Enterprise Race condition vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2020-002137

DESCRIPTION

A vulnerability in the Live Data server of Cisco Unified Contact Center Enterprise could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the affected software improperly manages resources when processing inbound Live Data traffic. An attacker could exploit this vulnerability by sending multiple crafted Live Data packets to an affected device. A successful exploit could cause the affected device to run out of buffer resources, which could result in a stack overflow and cause the affected device to reload, resulting in a DoS condition. Note: The Live Data port in Cisco Unified Contact Center Enterprise devices allows only a single TCP connection. To exploit this vulnerability, an attacker would have to send crafted packets to an affected device before a legitimate Live Data client establishes a connection.

Trust: 1.71

sources: NVD: CVE-2020-3163 // JVNDB: JVNDB-2020-002137 // VULHUB: VHN-181288

AFFECTED PRODUCTS

vendor: cisco, model: unified contact center enterprise, scope: lt, version: 12.5(1)

Trust: 1.0

vendor: cisco, model: unified contact center enterprise, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-002137 // NVD: CVE-2020-3163

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3163
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3163
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-002137
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202002-964
value: MEDIUM

Trust: 0.6

VULHUB: VHN-181288
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-3163
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-002137
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181288
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3163
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3163
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 4.0
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-002137
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181288 // JVNDB: JVNDB-2020-002137 // CNNVD: CNNVD-202002-964 // NVD: CVE-2020-3163 // NVD: CVE-2020-3163

PROBLEMTYPE DATA

problemtype:CWE-362

Trust: 1.9

sources: VULHUB: VHN-181288 // JVNDB: JVNDB-2020-002137 // NVD: CVE-2020-3163

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202002-964

TYPE

competition condition problem

Trust: 0.6

sources: CNNVD: CNNVD-202002-964

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-002137

PATCH

title: cisco-sa-ucce-tip-dos-7cdLUASb, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucce-tip-dos-7cdLUASb

Trust: 0.8

title: Cisco Unified Contact Center Enterprise Repair measures for the competition condition problem loophole, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110029

Trust: 0.6

sources: JVNDB: JVNDB-2020-002137 // CNNVD: CNNVD-202002-964

EXTERNAL IDS

db: NVD, id: CVE-2020-3163

Trust: 2.5

db: JVNDB, id: JVNDB-2020-002137

Trust: 0.8

db: CNNVD, id: CNNVD-202002-964

Trust: 0.7

db: AUSCERT, id: ESB-2020.0604

Trust: 0.6

db: CNVD, id: CNVD-2020-10709

Trust: 0.1

db: VULHUB, id: VHN-181288

Trust: 0.1

sources: VULHUB: VHN-181288 // JVNDB: JVNDB-2020-002137 // CNNVD: CNNVD-202002-964 // NVD: CVE-2020-3163

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ucce-tip-dos-7cdluasb

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-3163

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3163

Trust: 0.8

url:https://vigilance.fr/vulnerability/cisco-unified-contact-center-enterprise-overload-via-inbound-live-data-traffic-31643

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0604/

Trust: 0.6

sources: VULHUB: VHN-181288 // JVNDB: JVNDB-2020-002137 // CNNVD: CNNVD-202002-964 // NVD: CVE-2020-3163

SOURCES

db: VULHUB, id: VHN-181288
db: JVNDB, id: JVNDB-2020-002137
db: CNNVD, id: CNNVD-202002-964
db: NVD, id: CVE-2020-3163

LAST UPDATE DATE

2024-08-14T15:28:16.957000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-181288, date: 2020-02-24T00:00:00
db: JVNDB, id: JVNDB-2020-002137, date: 2020-03-04T00:00:00
db: CNNVD, id: CNNVD-202002-964, date: 2021-01-05T00:00:00
db: NVD, id: CVE-2020-3163, date: 2020-02-24T13:46:23.817

SOURCES RELEASE DATE

db: VULHUB, id: VHN-181288, date: 2020-02-19T00:00:00
db: JVNDB, id: JVNDB-2020-002137, date: 2020-03-04T00:00:00
db: CNNVD, id: CNNVD-202002-964, date: 2020-02-19T00:00:00
db: NVD, id: CVE-2020-3163, date: 2020-02-19T20:15:15.660