cnvd - cnvd-2018-03154

cnvd-2018-03154

Vulnerability from cnvd

Title: Cisco Unified Customer Voice Portal拒绝服务漏洞

Description:

Cisco Unified Customer Voice Portal (CVP)可用作独立的交互式语音响应（IVR）系统或与联络中心集成。

Cisco Unified Customer Voice Portal (CVP)存在拒绝服务漏洞。远程用户可通过在与思科虚拟化语音浏览器(VVB)通信时发送特制SIP INVITE请求，利用该漏洞影响目标设备上服务和数据的可用性。

Severity: 中

Patch Name: Cisco Unified Customer Voice Portal拒绝服务漏洞的补丁

Patch Description:

Cisco Unified Customer Voice Portal (CVP)可用作独立的交互式语音响应（IVR）系统或与联络中心集成。

Cisco Unified Customer Voice Portal (CVP)存在拒绝服务漏洞。远程用户可通过在与思科虚拟化语音浏览器(VVB)通信时发送特制SIP INVITE请求，利用该漏洞影响目标设备上服务和数据的可用性。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布漏洞修复程序，请及时关注更新： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-cvp

Reference: https://www.securityfocus.com/bid/102745 https://nvd.nist.gov/vuln/detail/CVE-2018-0086

Impacted products

Name
Cisco Unified Customer Voice Portal <11.6(1)

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "102745"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-0086"
    }
  },
  "description": "Cisco Unified Customer Voice Portal (CVP)\u53ef\u7528\u4f5c\u72ec\u7acb\u7684\u4ea4\u4e92\u5f0f\u8bed\u97f3\u54cd\u5e94\uff08IVR\uff09\u7cfb\u7edf\u6216\u4e0e\u8054\u7edc\u4e2d\u5fc3\u96c6\u6210\u3002\r\n\r\nCisco Unified Customer Voice Portal (CVP)\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u7528\u6237\u53ef\u901a\u8fc7\u5728\u4e0e\u601d\u79d1\u865a\u62df\u5316\u8bed\u97f3\u6d4f\u89c8\u5668(VVB)\u901a\u4fe1\u65f6\u53d1\u9001\u7279\u5236SIP INVITE\u8bf7\u6c42\uff0c\u5229\u7528\u8be5\u6f0f\u6d1e\u5f71\u54cd\u76ee\u6807\u8bbe\u5907\u4e0a\u670d\u52a1\u548c\u6570\u636e\u7684\u53ef\u7528\u6027\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-cvp",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-03154",
  "openTime": "2018-02-11",
  "patchDescription": "Cisco Unified Customer Voice Portal (CVP)\u53ef\u7528\u4f5c\u72ec\u7acb\u7684\u4ea4\u4e92\u5f0f\u8bed\u97f3\u54cd\u5e94\uff08IVR\uff09\u7cfb\u7edf\u6216\u4e0e\u8054\u7edc\u4e2d\u5fc3\u96c6\u6210\u3002\r\n\r\nCisco Unified Customer Voice Portal (CVP)\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u7528\u6237\u53ef\u901a\u8fc7\u5728\u4e0e\u601d\u79d1\u865a\u62df\u5316\u8bed\u97f3\u6d4f\u89c8\u5668(VVB)\u901a\u4fe1\u65f6\u53d1\u9001\u7279\u5236SIP INVITE\u8bf7\u6c42\uff0c\u5229\u7528\u8be5\u6f0f\u6d1e\u5f71\u54cd\u76ee\u6807\u8bbe\u5907\u4e0a\u670d\u52a1\u548c\u6570\u636e\u7684\u53ef\u7528\u6027\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Unified Customer Voice Portal\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Cisco Unified Customer Voice Portal \u003c11.6(1)"
  },
  "referenceLink": "https://www.securityfocus.com/bid/102745\r\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-0086",
  "serverity": "\u4e2d",
  "submitTime": "2018-01-18",
  "title": "Cisco Unified Customer Voice Portal\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

CVE-2018-0086 (GCVE-0-2018-0086)

Vulnerability from cvelistv5

Published

2018-01-18 06:00

Modified

2024-12-02 21:46

Severity ?

CWE

CWE-400

Summary

A vulnerability in the application server of the Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to malformed SIP INVITE traffic received on the CVP during communications with the Cisco Virtualized Voice Browser (VVB). An attacker could exploit this vulnerability by sending malformed SIP INVITE traffic to the targeted appliance. An exploit could allow the attacker to impact the availability of services and data on the device, causing a DoS condition. This vulnerability affects Cisco Unified CVP running any software release prior to 11.6(1). Cisco Bug IDs: CSCve85840.

References

▼	URL	Tags
	http://www.securitytracker.com/id/1040220	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/bid/102745	vdb-entry, x_refsource_BID
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-cvp	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	Cisco Unified Customer Voice Portal	Version: Cisco Unified Customer Voice Portal

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:14:16.599Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1040220",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040220"
          },
          {
            "name": "102745",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102745"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-cvp"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-0086",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-02T19:11:53.386981Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-02T21:46:25.517Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Unified Customer Voice Portal",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco Unified Customer Voice Portal"
            }
          ]
        }
      ],
      "datePublic": "2018-01-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the application server of the Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to malformed SIP INVITE traffic received on the CVP during communications with the Cisco Virtualized Voice Browser (VVB). An attacker could exploit this vulnerability by sending malformed SIP INVITE traffic to the targeted appliance. An exploit could allow the attacker to impact the availability of services and data on the device, causing a DoS condition. This vulnerability affects Cisco Unified CVP running any software release prior to 11.6(1). Cisco Bug IDs: CSCve85840."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-23T10:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1040220",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040220"
        },
        {
          "name": "102745",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102745"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-cvp"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2018-0086",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Unified Customer Voice Portal",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco Unified Customer Voice Portal"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the application server of the Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to malformed SIP INVITE traffic received on the CVP during communications with the Cisco Virtualized Voice Browser (VVB). An attacker could exploit this vulnerability by sending malformed SIP INVITE traffic to the targeted appliance. An exploit could allow the attacker to impact the availability of services and data on the device, causing a DoS condition. This vulnerability affects Cisco Unified CVP running any software release prior to 11.6(1). Cisco Bug IDs: CSCve85840."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-400"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1040220",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040220"
            },
            {
              "name": "102745",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102745"
            },
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-cvp",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-cvp"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2018-0086",
    "datePublished": "2018-01-18T06:00:00",
    "dateReserved": "2017-11-27T00:00:00",
    "dateUpdated": "2024-12-02T21:46:25.517Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted