CVE-2017-3790
Description
A vulnerability in the received packet parser of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) software could allow an unauthenticated, remote attacker to cause a reload of the affected system, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient size validation of user-supplied data. An attacker could exploit this vulnerability by sending crafted H.224 data in Real-Time Transport Protocol (RTP) packets in an H.323 call. An exploit could allow the attacker to overflow a buffer in a cache that belongs to the received packet parser, crashing the application and causing a DoS condition. All versions of Cisco Expressway Series Software and Cisco TelePresence VCS Software prior to version X8.8.2 are vulnerable. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. Cisco Bug IDs: CSCus99263.
General Information
Products
- expressway x8.1 base
- expressway x8.1.0
- expressway x8.1.1
- expressway x8.1.2
- expressway x8.2 base
- expressway x8.2.1
- expressway x8.2.2
- expressway x8.5
- expressway x8.5 base
- expressway x8.5.0
- expressway x8.5.1
- expressway x8.5.2
- expressway x8.5.3
- expressway x8.6.0
- expressway x8.6.1
- expressway x8.7.0
- expressway x8.7.1
- expressway x8.7.2
- expressway x8.7.3
- expressway x8.8.0
- expressway x8.8.1
- telepresence video communication server x5.2 base
- telepresence video communication server x6.0 base
- telepresence video communication server x6.1 base
- telepresence video communication server x7.0.0
- telepresence video communication server x7.0.1
- telepresence video communication server x7.0.2
- telepresence video communication server x7.0.3
- telepresence video communication server x7.1 base
- telepresence video communication server x7.2.0
- telepresence video communication server x7.2.1
- telepresence video communication server x7.2.2