cnvd - cnvd-2017-06011

CNVD-2017-06011

Vulnerability from cnvd - Published: 2017-05-06

Title

Cisco Unified Communications Manager UDP处理拒绝服务漏洞

Description

Cisco Unified Communications Manager是企业级IP电话呼叫处理系统。 Cisco Unified Communications Manager在Session Initiation Protocol (SIP) UDP节流进程存在安全漏洞，允许远程攻击者利用漏洞提交特殊的请求，使应用程序崩溃。

Severity

高

Patch Name

Cisco Unified Communications Manager UDP处理拒绝服务漏洞的补丁

Patch Description

Formal description

用户可参考如下厂商提供的安全补丁以修复该漏洞： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ucm

Reference

http://www.securityfocus.com/bid/97922 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ucm

Impacted products

Name
['Cisco Unified Communications Manager (UCM) 11.0(1.10000.10)', 'Cisco Unified Communications Manager (UCM) 11.5(1.10000.6)', 'Cisco Unified Communications Manager (UCM) 10.5(2.10000.5)']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "97922"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-3808"
    }
  },
  "description": "Cisco Unified Communications Manager\u662f\u4f01\u4e1a\u7ea7IP\u7535\u8bdd\u547c\u53eb\u5904\u7406\u7cfb\u7edf\u3002\r\n\r\nCisco Unified Communications Manager\u5728Session Initiation Protocol (SIP) UDP\u8282\u6d41\u8fdb\u7a0b\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u7684\u8bf7\u6c42\uff0c\u4f7f\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ucm",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-06011",
  "openTime": "2017-05-06",
  "patchDescription": "Cisco Unified Communications Manager\u662f\u4f01\u4e1a\u7ea7IP\u7535\u8bdd\u547c\u53eb\u5904\u7406\u7cfb\u7edf\u3002\r\n\r\nCisco Unified Communications Manager\u5728Session Initiation Protocol (SIP) UDP\u8282\u6d41\u8fdb\u7a0b\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u7684\u8bf7\u6c42\uff0c\u4f7f\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Unified Communications Manager UDP\u5904\u7406\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco Unified Communications Manager (UCM) 11.0(1.10000.10)",
      "Cisco Unified Communications Manager (UCM) 11.5(1.10000.6)",
      "Cisco Unified Communications Manager (UCM) 10.5(2.10000.5)"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/97922\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ucm",
  "serverity": "\u9ad8",
  "submitTime": "2017-04-20",
  "title": "Cisco Unified Communications Manager UDP\u5904\u7406\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

CVE-2017-3808 (GCVE-0-2017-3808)

Vulnerability from cvelistv5 – Published: 2017-04-20 22:00 – Updated: 2024-08-05 14:39

Summary

A vulnerability in the Session Initiation Protocol (SIP) UDP throttling process of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate limiting protection. An attacker could exploit this vulnerability by sending the affected device a high rate of SIP messages. An exploit could allow the attacker to cause the device to reload unexpectedly. The device and services will restart automatically. This vulnerability affects Cisco Unified Communications Manager (CallManager) releases prior to the first fixed release; the following list indicates the first minor release that includes the fix for this vulnerability: 10.5.2.14900-16 11.0.1.23900-5 11.5.1.12900-2. Cisco Bug IDs: CSCuz72455.

Severity ?

No CVSS data available.

CWE

CWE-119

Assigner

cisco

References

URL

Tags

	http://www.securitytracker.com/id/1038318	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/97922	vdb-entryx_refsource_BID
	https://tools.cisco.com/security/center/content/C…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	Cisco Unified Communications Manager	Affected: Cisco Unified Communications Manager

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:39:41.198Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1038318",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038318"
          },
          {
            "name": "97922",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97922"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ucm"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Unified Communications Manager",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco Unified Communications Manager"
            }
          ]
        }
      ],
      "datePublic": "2017-04-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Session Initiation Protocol (SIP) UDP throttling process of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate limiting protection. An attacker could exploit this vulnerability by sending the affected device a high rate of SIP messages. An exploit could allow the attacker to cause the device to reload unexpectedly. The device and services will restart automatically. This vulnerability affects Cisco Unified Communications Manager (CallManager) releases prior to the first fixed release; the following list indicates the first minor release that includes the fix for this vulnerability: 10.5.2.14900-16 11.0.1.23900-5 11.5.1.12900-2. Cisco Bug IDs: CSCuz72455."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1038318",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038318"
        },
        {
          "name": "97922",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97922"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ucm"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-3808",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Unified Communications Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco Unified Communications Manager"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Session Initiation Protocol (SIP) UDP throttling process of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate limiting protection. An attacker could exploit this vulnerability by sending the affected device a high rate of SIP messages. An exploit could allow the attacker to cause the device to reload unexpectedly. The device and services will restart automatically. This vulnerability affects Cisco Unified Communications Manager (CallManager) releases prior to the first fixed release; the following list indicates the first minor release that includes the fix for this vulnerability: 10.5.2.14900-16 11.0.1.23900-5 11.5.1.12900-2. Cisco Bug IDs: CSCuz72455."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1038318",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038318"
            },
            {
              "name": "97922",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97922"
            },
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ucm",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ucm"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2017-3808",
    "datePublished": "2017-04-20T22:00:00",
    "dateReserved": "2016-12-21T00:00:00",
    "dateUpdated": "2024-08-05T14:39:41.198Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2017-06011

CVE-2017-3808 (GCVE-0-2017-3808)

Tags

Sightings

Nomenclature