cnvd - cnvd-2017-22167

cnvd-2017-22167

Vulnerability from cnvd

Title: Cisco TelePresence Video Communication Server拒绝服务漏洞（CNVD-2017-221679）

Description:

Cisco TelePresence Video Communication Server（VCS）是美国思科（Cisco）公司的一款网真视频通信服务器。Session Initiation Protocol（SIP）是其中的一个会话启动协议。

Cisco TelePresence VCS中的SIP存在拒绝服务漏洞。远程攻击者可通过向VCS发送大量的SIP流量利用该漏洞在目标系统上造成拒绝服务。

Severity: 中

Patch Name: Cisco TelePresence Video Communication Server拒绝服务漏洞（CNVD-2017-221679）的补丁

Patch Description:

Cisco TelePresence VCS中的SIP存在拒绝服务漏洞。远程攻击者可通过向VCS发送大量的SIP流量利用该漏洞在目标系统上造成拒绝服务。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-vcs

Reference: https://nvd.nist.gov/vuln/detail/CVE-2017-6790

Impacted products

Name
Cisco TelePresence Video Communication Server (VCS)

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "100369"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-6790"
    }
  },
  "description": "Cisco TelePresence Video Communication Server\uff08VCS\uff09\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u7f51\u771f\u89c6\u9891\u901a\u4fe1\u670d\u52a1\u5668\u3002Session Initiation Protocol\uff08SIP\uff09\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u4f1a\u8bdd\u542f\u52a8\u534f\u8bae\u3002\r\n\r\nCisco TelePresence VCS\u4e2d\u7684SIP\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5411VCS\u53d1\u9001\u5927\u91cf\u7684SIP\u6d41\u91cf\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u76ee\u6807\u7cfb\u7edf\u4e0a\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-vcs",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-22167",
  "openTime": "2017-08-22",
  "patchDescription": "Cisco TelePresence Video Communication Server\uff08VCS\uff09\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u7f51\u771f\u89c6\u9891\u901a\u4fe1\u670d\u52a1\u5668\u3002Session Initiation Protocol\uff08SIP\uff09\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u4f1a\u8bdd\u542f\u52a8\u534f\u8bae\u3002\r\n\r\nCisco TelePresence VCS\u4e2d\u7684SIP\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5411VCS\u53d1\u9001\u5927\u91cf\u7684SIP\u6d41\u91cf\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u76ee\u6807\u7cfb\u7edf\u4e0a\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002 \u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco TelePresence Video Communication Server\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2017-221679\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Cisco TelePresence Video Communication Server (VCS)"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-6790",
  "serverity": "\u4e2d",
  "submitTime": "2017-08-18",
  "title": "Cisco TelePresence Video Communication Server\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2017-221679\uff09"
}

CVE-2017-6790 (GCVE-0-2017-6790)

Vulnerability from cvelistv5

Published

2017-08-17 20:00

Modified

2024-09-16 23:56

Severity ?

CWE

Denial of Service

Summary

A vulnerability in the Session Initiation Protocol (SIP) on the Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the targeted appliance. The vulnerability is due to excessive SIP traffic sent to the device. An attacker could exploit this vulnerability by transmitting large volumes of SIP traffic to the VCS. An exploit could allow the attacker to cause a complete DoS condition on the targeted system. Cisco Bug IDs: CSCve32897.

References

▼	URL	Tags
	http://www.securityfocus.com/bid/100369	vdb-entry, x_refsource_BID
	http://www.securitytracker.com/id/1039185	vdb-entry, x_refsource_SECTRACK
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-vcs	vendor-advisory, x_refsource_CISCO

Impacted products

	Vendor	Product	Version
	Cisco Systems, Inc.	TelePresence Video Communication Server (VCS)	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:41:17.580Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "100369",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/100369"
          },
          {
            "name": "1039185",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039185"
          },
          {
            "name": "20170816 Cisco TelePresence Video Communication Server Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-vcs"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "TelePresence Video Communication Server (VCS)",
          "vendor": "Cisco Systems, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-08-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Session Initiation Protocol (SIP) on the Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the targeted appliance. The vulnerability is due to excessive SIP traffic sent to the device. An attacker could exploit this vulnerability by transmitting large volumes of SIP traffic to the VCS. An exploit could allow the attacker to cause a complete DoS condition on the targeted system. Cisco Bug IDs: CSCve32897."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of Service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-18T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "100369",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/100369"
        },
        {
          "name": "1039185",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039185"
        },
        {
          "name": "20170816 Cisco TelePresence Video Communication Server Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-vcs"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2017-08-16T00:00:00",
          "ID": "CVE-2017-6790",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "TelePresence Video Communication Server (VCS)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco Systems, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Session Initiation Protocol (SIP) on the Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the targeted appliance. The vulnerability is due to excessive SIP traffic sent to the device. An attacker could exploit this vulnerability by transmitting large volumes of SIP traffic to the VCS. An exploit could allow the attacker to cause a complete DoS condition on the targeted system. Cisco Bug IDs: CSCve32897."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "100369",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/100369"
            },
            {
              "name": "1039185",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039185"
            },
            {
              "name": "20170816 Cisco TelePresence Video Communication Server Denial of Service Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-vcs"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2017-6790",
    "datePublished": "2017-08-17T20:00:00Z",
    "dateReserved": "2017-03-09T00:00:00",
    "dateUpdated": "2024-09-16T23:56:09.789Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted