All the vulnerabilites related to Cisco Systems, Inc. - Unified Communications Manager IM & Presence Service (CUCM IM&P)
cve-2018-0409
Vulnerability from cvelistv5
Published
2018-08-15 20:00
Modified
2024-11-26 14:48
Severity ?
EPSS score ?
Summary
A vulnerability in the XCP Router service of the Cisco Unified Communications Manager IM & Presence Service (CUCM IM&P) and the Cisco TelePresence Video Communication Server (VCS) and Expressway could allow an unauthenticated, remote attacker to cause a temporary service outage for all IM&P users, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a malicious IPv4 or IPv6 packet to an affected device on TCP port 7400. An exploit could allow the attacker to overread a buffer, resulting in a crash and restart of the XCP Router service. Cisco Bug IDs: CSCvg97663, CSCvi55947.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1041534 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/105104 | vdb-entry, x_refsource_BID | |
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-ucmimps-dos | vendor-advisory, x_refsource_CISCO | |
| http://www.securitytracker.com/id/1041533 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/105102 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | Cisco Systems, Inc. | Unified Communications Manager IM & Presence Service (CUCM IM&P) |
Version: unspecified |
||||
|
|||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:21:15.497Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1041534",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041534"
},
{
"name": "105104",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105104"
},
{
"name": "20180815 Cisco Unified Communications Manager IM \u0026 Presence Service Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-ucmimps-dos"
},
{
"name": "1041533",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041533"
},
{
"name": "105102",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105102"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-0409",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-25T18:53:37.239335Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T14:48:15.449Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Unified Communications Manager IM \u0026 Presence Service (CUCM IM\u0026P)",
"vendor": "Cisco Systems, Inc.",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "TelePresence Video Communication Server (VCS) and Expressway",
"vendor": "Cisco Systems, Inc.",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
}
],
"datePublic": "2018-08-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the XCP Router service of the Cisco Unified Communications Manager IM \u0026 Presence Service (CUCM IM\u0026P) and the Cisco TelePresence Video Communication Server (VCS) and Expressway could allow an unauthenticated, remote attacker to cause a temporary service outage for all IM\u0026P users, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a malicious IPv4 or IPv6 packet to an affected device on TCP port 7400. An exploit could allow the attacker to overread a buffer, resulting in a crash and restart of the XCP Router service. Cisco Bug IDs: CSCvg97663, CSCvi55947."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-29T09:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "1041534",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041534"
},
{
"name": "105104",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105104"
},
{
"name": "20180815 Cisco Unified Communications Manager IM \u0026 Presence Service Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-ucmimps-dos"
},
{
"name": "1041533",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041533"
},
{
"name": "105102",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105102"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2018-08-15T00:00:00",
"ID": "CVE-2018-0409",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Unified Communications Manager IM \u0026 Presence Service (CUCM IM\u0026P)",
"version": {
"version_data": [
{
"version_value": "unspecified"
}
]
}
},
{
"product_name": "TelePresence Video Communication Server (VCS) and Expressway",
"version": {
"version_data": [
{
"version_value": "unspecified"
}
]
}
}
]
},
"vendor_name": "Cisco Systems, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the XCP Router service of the Cisco Unified Communications Manager IM \u0026 Presence Service (CUCM IM\u0026P) and the Cisco TelePresence Video Communication Server (VCS) and Expressway could allow an unauthenticated, remote attacker to cause a temporary service outage for all IM\u0026P users, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a malicious IPv4 or IPv6 packet to an affected device on TCP port 7400. An exploit could allow the attacker to overread a buffer, resulting in a crash and restart of the XCP Router service. Cisco Bug IDs: CSCvg97663, CSCvi55947."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041534",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041534"
},
{
"name": "105104",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105104"
},
{
"name": "20180815 Cisco Unified Communications Manager IM \u0026 Presence Service Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-ucmimps-dos"
},
{
"name": "1041533",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041533"
},
{
"name": "105102",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105102"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2018-0409",
"datePublished": "2018-08-15T20:00:00Z",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-11-26T14:48:15.449Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}