cvelistv5 - cve-2017-3808

CVE-2017-3808 (GCVE-0-2017-3808)

Vulnerability from cvelistv5 – Published: 2017-04-20 22:00 – Updated: 2024-08-05 14:39

Summary

A vulnerability in the Session Initiation Protocol (SIP) UDP throttling process of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate limiting protection. An attacker could exploit this vulnerability by sending the affected device a high rate of SIP messages. An exploit could allow the attacker to cause the device to reload unexpectedly. The device and services will restart automatically. This vulnerability affects Cisco Unified Communications Manager (CallManager) releases prior to the first fixed release; the following list indicates the first minor release that includes the fix for this vulnerability: 10.5.2.14900-16 11.0.1.23900-5 11.5.1.12900-2. Cisco Bug IDs: CSCuz72455.

Severity ?

No CVSS data available.

CWE

CWE-119

Assigner

cisco

References

URL

Tags

	http://www.securitytracker.com/id/1038318	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/97922	vdb-entryx_refsource_BID
	https://tools.cisco.com/security/center/content/C…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	Cisco Unified Communications Manager	Affected: Cisco Unified Communications Manager

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:39:41.198Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1038318",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038318"
          },
          {
            "name": "97922",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97922"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ucm"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Unified Communications Manager",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco Unified Communications Manager"
            }
          ]
        }
      ],
      "datePublic": "2017-04-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Session Initiation Protocol (SIP) UDP throttling process of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate limiting protection. An attacker could exploit this vulnerability by sending the affected device a high rate of SIP messages. An exploit could allow the attacker to cause the device to reload unexpectedly. The device and services will restart automatically. This vulnerability affects Cisco Unified Communications Manager (CallManager) releases prior to the first fixed release; the following list indicates the first minor release that includes the fix for this vulnerability: 10.5.2.14900-16 11.0.1.23900-5 11.5.1.12900-2. Cisco Bug IDs: CSCuz72455."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1038318",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038318"
        },
        {
          "name": "97922",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97922"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ucm"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-3808",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Unified Communications Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco Unified Communications Manager"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Session Initiation Protocol (SIP) UDP throttling process of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate limiting protection. An attacker could exploit this vulnerability by sending the affected device a high rate of SIP messages. An exploit could allow the attacker to cause the device to reload unexpectedly. The device and services will restart automatically. This vulnerability affects Cisco Unified Communications Manager (CallManager) releases prior to the first fixed release; the following list indicates the first minor release that includes the fix for this vulnerability: 10.5.2.14900-16 11.0.1.23900-5 11.5.1.12900-2. Cisco Bug IDs: CSCuz72455."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1038318",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038318"
            },
            {
              "name": "97922",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97922"
            },
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ucm",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ucm"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2017-3808",
    "datePublished": "2017-04-20T22:00:00",
    "dateReserved": "2016-12-21T00:00:00",
    "dateUpdated": "2024-08-05T14:39:41.198Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:10.0\\\\(1.10000.12\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"815EF306-D944-4D2D-9378-C3E993E58592\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:10.0_base:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7313BFB4-34EF-4444-A6BC-A7BDB600C149\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:10.5\\\\(0.98000.88\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5E944B20-B158-420D-9176-30F5B6C03D26\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:10.5\\\\(1.98991.13\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2EC63143-A977-4C92-8B03-A7AD152494A9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:10.5\\\\(1.99995.9\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7C62F7D1-CE41-4AA3-A4C9-6A77C4D45F70\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:10.5\\\\(2.10000.5\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"520555C7-5E9B-4C76-AAB5-5DD8B29D18F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:10.5\\\\(2.12901.1\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9524FB85-EA15-4837-9966-9DDBB527C4BC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:10.5\\\\(2.13900.9\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E75B536F-094C-4997-B545-6AC2F49C2FC0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:10.5\\\\(3.10000.9\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C52EECB0-65B5-46DF-800F-63AD2A784A71\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:10.5_base:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6074A7B6-6640-4E74-9946-CC8D212F7740\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:11.0\\\\(0.98000.225\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DCF56F1D-43C0-4921-A217-3F2A8E5758D4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:11.0\\\\(1.10000.10\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F47282B9-8B76-40E0-B72C-A6A196A37A0C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:11.5\\\\(0.98000.480\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"250B8894-9EE0-4F18-81BF-FEB317CE05DC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:11.5\\\\(0.98000.486\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C6C21111-3D26-4AC1-BBDA-4E004DEE5C3C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:11.5\\\\(0.99838.4\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"12D8D2E4-8536-4708-94A9-DE0031EAF62E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:11.5\\\\(1.2\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E1ECEEC7-52A0-41EE-B1CB-C4B09D6E6940\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:11.5\\\\(1.10000.6\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"21BFC3A9-B6B1-49EE-A93A-6432BFE33E84\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:11.5\\\\(1.11007.2\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7D666F53-ABC2-4DC1-BC03-83B5CDC0DE82\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:11.5\\\\(1.12000.1\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A590BFE0-536A-4E8A-AB30-F85A9FB3397D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:11.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"711B5CE0-3BA8-4DA6-A18C-D561ECC17A9B\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability in the Session Initiation Protocol (SIP) UDP throttling process of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate limiting protection. An attacker could exploit this vulnerability by sending the affected device a high rate of SIP messages. An exploit could allow the attacker to cause the device to reload unexpectedly. The device and services will restart automatically. This vulnerability affects Cisco Unified Communications Manager (CallManager) releases prior to the first fixed release; the following list indicates the first minor release that includes the fix for this vulnerability: 10.5.2.14900-16 11.0.1.23900-5 11.5.1.12900-2. Cisco Bug IDs: CSCuz72455.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad en el proceso de limitaci\\u00f3n del Session Initiation Protocol (SIP) UDP de Cisco Unified Communications Manager (Cisco Unified CM) podr\\u00eda permitir a un atacante remoto no autenticado provocar una denegaci\\u00f3n de servicio (DoS) en un dispositivo afectado. La vulnerabilidad se debe a una protecci\\u00f3n insuficiente de la tasa de limitaci\\u00f3n. Un atacante podr\\u00eda explotar esta vulnerabilidad enviando al dispositivo afectado una alta tasa de mensajes SIP. Un exploit podr\\u00eda permitir al atacante hacer que el dispositivo se recargue inesperadamente. El dispositivo y los servicios se reiniciar\\u00e1n autom\\u00e1ticamente. Esta vulnerabilidad afecta a las versiones de Cisco Unified Communications Manager (CallManager) This vulnerability affects Cisco Unified Communications Manager (CallManager) anteriores a la primera versi\\u00f3n fija; la siguiente lista indica la primera versi\\u00f3n secundaria que incluye la correcci\\u00f3n para esta vulnerabilidad: 10.5.2.14900-16 11.0.1.23900-5 11.5.1.12900-2. Cisco Bug IDs: CSCuz72455.\"}]",
      "id": "CVE-2017-3808",
      "lastModified": "2024-11-21T03:26:09.430",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:C\", \"baseScore\": 7.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-04-20T22:59:00.277",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/97922\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1038318\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ucm\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/97922\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1038318\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ucm\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"ykramarz@cisco.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-3808\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2017-04-20T22:59:00.277\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the Session Initiation Protocol (SIP) UDP throttling process of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate limiting protection. An attacker could exploit this vulnerability by sending the affected device a high rate of SIP messages. An exploit could allow the attacker to cause the device to reload unexpectedly. The device and services will restart automatically. This vulnerability affects Cisco Unified Communications Manager (CallManager) releases prior to the first fixed release; the following list indicates the first minor release that includes the fix for this vulnerability: 10.5.2.14900-16 11.0.1.23900-5 11.5.1.12900-2. Cisco Bug IDs: CSCuz72455.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en el proceso de limitaci\u00f3n del Session Initiation Protocol (SIP) UDP de Cisco Unified Communications Manager (Cisco Unified CM) podr\u00eda permitir a un atacante remoto no autenticado provocar una denegaci\u00f3n de servicio (DoS) en un dispositivo afectado. La vulnerabilidad se debe a una protecci\u00f3n insuficiente de la tasa de limitaci\u00f3n. Un atacante podr\u00eda explotar esta vulnerabilidad enviando al dispositivo afectado una alta tasa de mensajes SIP. Un exploit podr\u00eda permitir al atacante hacer que el dispositivo se recargue inesperadamente. El dispositivo y los servicios se reiniciar\u00e1n autom\u00e1ticamente. Esta vulnerabilidad afecta a las versiones de Cisco Unified Communications Manager (CallManager) This vulnerability affects Cisco Unified Communications Manager (CallManager) anteriores a la primera versi\u00f3n fija; la siguiente lista indica la primera versi\u00f3n secundaria que incluye la correcci\u00f3n para esta vulnerabilidad: 10.5.2.14900-16 11.0.1.23900-5 11.5.1.12900-2. Cisco Bug IDs: CSCuz72455.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:C\",\"baseScore\":7.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"psirt@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:10.0\\\\(1.10000.12\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"815EF306-D944-4D2D-9378-C3E993E58592\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:10.0_base:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7313BFB4-34EF-4444-A6BC-A7BDB600C149\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:10.5\\\\(0.98000.88\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E944B20-B158-420D-9176-30F5B6C03D26\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:10.5\\\\(1.98991.13\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2EC63143-A977-4C92-8B03-A7AD152494A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:10.5\\\\(1.99995.9\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7C62F7D1-CE41-4AA3-A4C9-6A77C4D45F70\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:10.5\\\\(2.10000.5\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"520555C7-5E9B-4C76-AAB5-5DD8B29D18F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:10.5\\\\(2.12901.1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9524FB85-EA15-4837-9966-9DDBB527C4BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:10.5\\\\(2.13900.9\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E75B536F-094C-4997-B545-6AC2F49C2FC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:10.5\\\\(3.10000.9\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C52EECB0-65B5-46DF-800F-63AD2A784A71\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:10.5_base:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6074A7B6-6640-4E74-9946-CC8D212F7740\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:11.0\\\\(0.98000.225\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DCF56F1D-43C0-4921-A217-3F2A8E5758D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:11.0\\\\(1.10000.10\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F47282B9-8B76-40E0-B72C-A6A196A37A0C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:11.5\\\\(0.98000.480\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"250B8894-9EE0-4F18-81BF-FEB317CE05DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:11.5\\\\(0.98000.486\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6C21111-3D26-4AC1-BBDA-4E004DEE5C3C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:11.5\\\\(0.99838.4\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"12D8D2E4-8536-4708-94A9-DE0031EAF62E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:11.5\\\\(1.2\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1ECEEC7-52A0-41EE-B1CB-C4B09D6E6940\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:11.5\\\\(1.10000.6\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21BFC3A9-B6B1-49EE-A93A-6432BFE33E84\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:11.5\\\\(1.11007.2\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D666F53-ABC2-4DC1-BC03-83B5CDC0DE82\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:11.5\\\\(1.12000.1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A590BFE0-536A-4E8A-AB30-F85A9FB3397D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:11.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"711B5CE0-3BA8-4DA6-A18C-D561ECC17A9B\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/97922\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038318\",\"source\":\"psirt@cisco.com\"},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ucm\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/97922\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038318\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ucm\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

FKIE_CVE-2017-3808

Vulnerability from fkie_nvd - Published: 2017-04-20 22:59 - Updated: 2025-04-20 01:37

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
psirt@cisco.com	http://www.securityfocus.com/bid/97922	Third Party Advisory, VDB Entry
psirt@cisco.com	http://www.securitytracker.com/id/1038318
psirt@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ucm	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/97922	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1038318
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ucm	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	unified_communications_manager	10.0\(1.10000.12\)
cisco	unified_communications_manager	10.0_base
cisco	unified_communications_manager	10.5\(0.98000.88\)
cisco	unified_communications_manager	10.5\(1.98991.13\)
cisco	unified_communications_manager	10.5\(1.99995.9\)
cisco	unified_communications_manager	10.5\(2.10000.5\)
cisco	unified_communications_manager	10.5\(2.12901.1\)
cisco	unified_communications_manager	10.5\(2.13900.9\)
cisco	unified_communications_manager	10.5\(3.10000.9\)
cisco	unified_communications_manager	10.5_base
cisco	unified_communications_manager	11.0\(0.98000.225\)
cisco	unified_communications_manager	11.0\(1.10000.10\)
cisco	unified_communications_manager	11.5\(0.98000.480\)
cisco	unified_communications_manager	11.5\(0.98000.486\)
cisco	unified_communications_manager	11.5\(0.99838.4\)
cisco	unified_communications_manager	11.5\(1.2\)
cisco	unified_communications_manager	11.5\(1.10000.6\)
cisco	unified_communications_manager	11.5\(1.11007.2\)
cisco	unified_communications_manager	11.5\(1.12000.1\)
cisco	unified_communications_manager	11.5.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.0\\(1.10000.12\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "815EF306-D944-4D2D-9378-C3E993E58592",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.0_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "7313BFB4-34EF-4444-A6BC-A7BDB600C149",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(0.98000.88\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "5E944B20-B158-420D-9176-30F5B6C03D26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(1.98991.13\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "2EC63143-A977-4C92-8B03-A7AD152494A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(1.99995.9\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "7C62F7D1-CE41-4AA3-A4C9-6A77C4D45F70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2.10000.5\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "520555C7-5E9B-4C76-AAB5-5DD8B29D18F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2.12901.1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "9524FB85-EA15-4837-9966-9DDBB527C4BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2.13900.9\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "E75B536F-094C-4997-B545-6AC2F49C2FC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(3.10000.9\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "C52EECB0-65B5-46DF-800F-63AD2A784A71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "6074A7B6-6640-4E74-9946-CC8D212F7740",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.0\\(0.98000.225\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "DCF56F1D-43C0-4921-A217-3F2A8E5758D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.0\\(1.10000.10\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "F47282B9-8B76-40E0-B72C-A6A196A37A0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(0.98000.480\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "250B8894-9EE0-4F18-81BF-FEB317CE05DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(0.98000.486\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "C6C21111-3D26-4AC1-BBDA-4E004DEE5C3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(0.99838.4\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "12D8D2E4-8536-4708-94A9-DE0031EAF62E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "E1ECEEC7-52A0-41EE-B1CB-C4B09D6E6940",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.10000.6\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "21BFC3A9-B6B1-49EE-A93A-6432BFE33E84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.11007.2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "7D666F53-ABC2-4DC1-BC03-83B5CDC0DE82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.12000.1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "A590BFE0-536A-4E8A-AB30-F85A9FB3397D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "711B5CE0-3BA8-4DA6-A18C-D561ECC17A9B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the Session Initiation Protocol (SIP) UDP throttling process of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate limiting protection. An attacker could exploit this vulnerability by sending the affected device a high rate of SIP messages. An exploit could allow the attacker to cause the device to reload unexpectedly. The device and services will restart automatically. This vulnerability affects Cisco Unified Communications Manager (CallManager) releases prior to the first fixed release; the following list indicates the first minor release that includes the fix for this vulnerability: 10.5.2.14900-16 11.0.1.23900-5 11.5.1.12900-2. Cisco Bug IDs: CSCuz72455."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el proceso de limitaci\u00f3n del Session Initiation Protocol (SIP) UDP de Cisco Unified Communications Manager (Cisco Unified CM) podr\u00eda permitir a un atacante remoto no autenticado provocar una denegaci\u00f3n de servicio (DoS) en un dispositivo afectado. La vulnerabilidad se debe a una protecci\u00f3n insuficiente de la tasa de limitaci\u00f3n. Un atacante podr\u00eda explotar esta vulnerabilidad enviando al dispositivo afectado una alta tasa de mensajes SIP. Un exploit podr\u00eda permitir al atacante hacer que el dispositivo se recargue inesperadamente. El dispositivo y los servicios se reiniciar\u00e1n autom\u00e1ticamente. Esta vulnerabilidad afecta a las versiones de Cisco Unified Communications Manager (CallManager) This vulnerability affects Cisco Unified Communications Manager (CallManager) anteriores a la primera versi\u00f3n fija; la siguiente lista indica la primera versi\u00f3n secundaria que incluye la correcci\u00f3n para esta vulnerabilidad: 10.5.2.14900-16 11.0.1.23900-5 11.5.1.12900-2. Cisco Bug IDs: CSCuz72455."
    }
  ],
  "id": "CVE-2017-3808",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-04-20T22:59:00.277",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/97922"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id/1038318"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ucm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/97922"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1038318"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ucm"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2017-06011

Vulnerability from cnvd - Published: 2017-05-06

Title

Cisco Unified Communications Manager UDP处理拒绝服务漏洞

Description

Cisco Unified Communications Manager是企业级IP电话呼叫处理系统。 Cisco Unified Communications Manager在Session Initiation Protocol (SIP) UDP节流进程存在安全漏洞，允许远程攻击者利用漏洞提交特殊的请求，使应用程序崩溃。

Severity

高

Patch Name

Cisco Unified Communications Manager UDP处理拒绝服务漏洞的补丁

Patch Description

Formal description

用户可参考如下厂商提供的安全补丁以修复该漏洞： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ucm

Reference

http://www.securityfocus.com/bid/97922 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ucm

Impacted products

Name
['Cisco Unified Communications Manager (UCM) 11.0(1.10000.10)', 'Cisco Unified Communications Manager (UCM) 11.5(1.10000.6)', 'Cisco Unified Communications Manager (UCM) 10.5(2.10000.5)']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "97922"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-3808"
    }
  },
  "description": "Cisco Unified Communications Manager\u662f\u4f01\u4e1a\u7ea7IP\u7535\u8bdd\u547c\u53eb\u5904\u7406\u7cfb\u7edf\u3002\r\n\r\nCisco Unified Communications Manager\u5728Session Initiation Protocol (SIP) UDP\u8282\u6d41\u8fdb\u7a0b\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u7684\u8bf7\u6c42\uff0c\u4f7f\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ucm",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-06011",
  "openTime": "2017-05-06",
  "patchDescription": "Cisco Unified Communications Manager\u662f\u4f01\u4e1a\u7ea7IP\u7535\u8bdd\u547c\u53eb\u5904\u7406\u7cfb\u7edf\u3002\r\n\r\nCisco Unified Communications Manager\u5728Session Initiation Protocol (SIP) UDP\u8282\u6d41\u8fdb\u7a0b\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u7684\u8bf7\u6c42\uff0c\u4f7f\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Unified Communications Manager UDP\u5904\u7406\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco Unified Communications Manager (UCM) 11.0(1.10000.10)",
      "Cisco Unified Communications Manager (UCM) 11.5(1.10000.6)",
      "Cisco Unified Communications Manager (UCM) 10.5(2.10000.5)"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/97922\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ucm",
  "serverity": "\u9ad8",
  "submitTime": "2017-04-20",
  "title": "Cisco Unified Communications Manager UDP\u5904\u7406\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

CERTFR-2017-AVI-127

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Cisco. Elles permettent à un attaquant de provoquer un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	Adaptive Security Appliance	Adaptive Security Appliance (ASA) 5500-X Series Next-Generation Firewalls (voir sur le site du constructeur pour les versions vulnérables de Cisco Firepower System)
Cisco	N/A	Cisco ASA 5500 Series Adaptive Security Appliances (voir sur le site du constructeur pour les versions vulnérables de Cisco ASA)
Cisco	Unified Communications Manager	Cisco Unified Communications Manager (CallManager) sans le dernier correctif de sécurité
Cisco	N/A	Firepower 9300 Series Security Appliances (voir sur le site du constructeur pour les versions vulnérables de Cisco Firepower System)
Cisco	N/A	Advanced Malware Protection (AMP) for Networks, 8000 Series Appliances (voir sur le site du constructeur pour les versions vulnérables de Cisco Firepower System)
Cisco	Adaptive Security Appliance	Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services (voir sur le site du constructeur pour les versions vulnérables de Cisco Firepower System)
Cisco	N/A	Cisco ISA 3000 Industrial Security Appliance (voir sur le site du constructeur pour les versions vulnérables de Cisco ASA)
Cisco	N/A	Sourcefire 3D System Appliances (voir sur le site du constructeur pour les versions vulnérables de Cisco Firepower System)
Cisco	N/A	Virtual Next-Generation Intrusion Prevention System (NGIPSv) for VMware (voir sur le site du constructeur pour les versions vulnérables de Cisco Firepower System)
Cisco	N/A	Cisco Adaptive Security Virtual Appliance (ASAv, voir sur le site du constructeur pour les versions vulnérables de Cisco ASA)
Cisco	N/A	Cisco ASA 1000V Cloud Firewall (voir sur le site du constructeur pour les versions vulnérables de Cisco ASA)
Cisco	N/A	Firepower 4100 Series Security Appliances (voir sur le site du constructeur pour les versions vulnérables de Cisco Firepower System)
Cisco	N/A	Advanced Malware Protection (AMP) for Networks, 7000 Series Appliances (voir sur le site du constructeur pour les versions vulnérables de Cisco Firepower System)
Cisco	N/A	Cisco ASA Services Module pour les commutateurs Cisco Catalyst séries 6500 et les routeurs Cisco séries 7600 (voir sur le site du constructeur pour les versions vulnérables de Cisco ASA)
Cisco	Firepower Threat Defense	FirePOWER Threat Defense for Integrated Services Routers (ISRs, voir sur le site du constructeur pour les versions vulnérables de Cisco Firepower System)
Cisco	N/A	Industrial Security Appliance 3000 (voir sur le site du constructeur pour les versions vulnérables de Cisco Firepower System)
Cisco	N/A	FirePOWER 7000 Series Appliances (voir sur le site du constructeur pour les versions vulnérables de Cisco Firepower System)
Cisco	IOS XE	Cisco IOS et Cisco IOS XE avec le module EnergyWise activé, sans le dernier correctif de sécurité
Cisco	N/A	FirePOWER 8000 Series Appliances (voir sur le site du constructeur pour les versions vulnérables de Cisco Firepower System)
Cisco	N/A	Cisco Firepower 9300 ASA Security Module (voir sur le site du constructeur pour les versions vulnérables de Cisco ASA)
Cisco	N/A	Cisco ASA 5500-X Series Next-Generation Firewalls (voir sur le site du constructeur pour les versions vulnérables de Cisco ASA)

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-20170419-asa-xauth du 19 avril 2017	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20170419-asa-ipsec du 19 avril 2017	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20170419-asa-dns du 19 avril 2017	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20170419-energywise du 19 avril 2017	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20170419-fpsnort du 19 avril 2017	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20170419-ucm du 19 avril 2017	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20170419-asa-tls du 19 avril 2017	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20170419-asa-xauth du 19 avril 2017	-	other
Bulletin de sécurité Cisco cisco-sa-20170419-fpsnort du 19 avril 2017	-	other
Bulletin de sécurité Cisco cisco-sa-20170419-asa-ipsec du 19 avril 2017	-	other
Bulletin de sécurité Cisco cisco-sa-20170419-asa-tls du 19 avril 2017	-	other
Bulletin de sécurité Cisco cisco-sa-20170419-asa-dns du 19 avril 2017	-	other
Bulletin de sécurité Cisco cisco-sa-20170419-energywise du 19 avril 2017	-	other
Bulletin de sécurité Cisco cisco-sa-20170419-ucm du 19 avril 2017	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Adaptive Security Appliance (ASA) 5500-X Series Next-Generation Firewalls (voir sur le site du constructeur pour les versions vuln\u00e9rables de Cisco Firepower System)",
      "product": {
        "name": "Adaptive Security Appliance",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco ASA 5500 Series Adaptive Security Appliances (voir sur le site du constructeur pour les versions vuln\u00e9rables de Cisco ASA)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Manager (CallManager) sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Firepower 9300 Series Security Appliances (voir sur le site du constructeur pour les versions vuln\u00e9rables de Cisco Firepower System)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Advanced Malware Protection (AMP) for Networks, 8000 Series Appliances (voir sur le site du constructeur pour les versions vuln\u00e9rables de Cisco Firepower System)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services (voir sur le site du constructeur pour les versions vuln\u00e9rables de Cisco Firepower System)",
      "product": {
        "name": "Adaptive Security Appliance",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco ISA 3000 Industrial Security Appliance (voir sur le site du constructeur pour les versions vuln\u00e9rables de Cisco ASA)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Sourcefire 3D System Appliances (voir sur le site du constructeur pour les versions vuln\u00e9rables de Cisco Firepower System)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Virtual Next-Generation Intrusion Prevention System (NGIPSv) for VMware (voir sur le site du constructeur pour les versions vuln\u00e9rables de Cisco Firepower System)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Adaptive Security Virtual Appliance (ASAv, voir sur le site du constructeur pour les versions vuln\u00e9rables de Cisco ASA)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco ASA 1000V Cloud Firewall (voir sur le site du constructeur pour les versions vuln\u00e9rables de Cisco ASA)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Firepower 4100 Series Security Appliances (voir sur le site du constructeur pour les versions vuln\u00e9rables de Cisco Firepower System)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Advanced Malware Protection (AMP) for Networks, 7000 Series Appliances (voir sur le site du constructeur pour les versions vuln\u00e9rables de Cisco Firepower System)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco ASA Services Module pour les commutateurs Cisco Catalyst s\u00e9ries 6500 et les routeurs Cisco s\u00e9ries 7600 (voir sur le site du constructeur pour les versions vuln\u00e9rables de Cisco ASA)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "FirePOWER Threat Defense for Integrated Services Routers (ISRs, voir sur le site du constructeur pour les versions vuln\u00e9rables de Cisco Firepower System)",
      "product": {
        "name": "Firepower Threat Defense",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Industrial Security Appliance 3000 (voir sur le site du constructeur pour les versions vuln\u00e9rables de Cisco Firepower System)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "FirePOWER 7000 Series Appliances (voir sur le site du constructeur pour les versions vuln\u00e9rables de Cisco Firepower System)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco IOS et Cisco IOS XE avec le module EnergyWise activ\u00e9, sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "IOS XE",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "FirePOWER 8000 Series Appliances (voir sur le site du constructeur pour les versions vuln\u00e9rables de Cisco Firepower System)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Firepower 9300 ASA Security Module (voir sur le site du constructeur pour les versions vuln\u00e9rables de Cisco ASA)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco ASA 5500-X Series Next-Generation Firewalls (voir sur le site du constructeur pour les versions vuln\u00e9rables de Cisco ASA)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-3862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3862"
    },
    {
      "name": "CVE-2017-3863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3863"
    },
    {
      "name": "CVE-2017-3861",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3861"
    },
    {
      "name": "CVE-2017-6609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6609"
    },
    {
      "name": "CVE-2017-3808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3808"
    },
    {
      "name": "CVE-2016-6368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6368"
    },
    {
      "name": "CVE-2017-6608",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6608"
    },
    {
      "name": "CVE-2017-6607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6607"
    },
    {
      "name": "CVE-2017-3860",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3860"
    },
    {
      "name": "CVE-2017-6610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6610"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170419-asa-xauth du    19 avril 2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-xauth"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170419-fpsnort du 19    avril 2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-fpsnort"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170419-asa-ipsec du    19 avril 2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-ipsec"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170419-asa-tls du 19    avril 2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-tls"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170419-asa-dns du 19    avril 2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-dns"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170419-energywise du    19 avril 2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-energywise"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170419-ucm du 19    avril 2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ucm"
    }
  ],
  "reference": "CERTFR-2017-AVI-127",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-04-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170419-asa-xauth du 19 avril 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170419-asa-ipsec du 19 avril 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170419-asa-dns du 19 avril 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170419-energywise du 19 avril 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170419-fpsnort du 19 avril 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170419-ucm du 19 avril 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170419-asa-tls du 19 avril 2017",
      "url": null
    }
  ]
}

CERTFR-2017-AVI-127

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Cisco. Elles permettent à un attaquant de provoquer un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	Adaptive Security Appliance	Adaptive Security Appliance (ASA) 5500-X Series Next-Generation Firewalls (voir sur le site du constructeur pour les versions vulnérables de Cisco Firepower System)
Cisco	N/A	Cisco ASA 5500 Series Adaptive Security Appliances (voir sur le site du constructeur pour les versions vulnérables de Cisco ASA)
Cisco	Unified Communications Manager	Cisco Unified Communications Manager (CallManager) sans le dernier correctif de sécurité
Cisco	N/A	Firepower 9300 Series Security Appliances (voir sur le site du constructeur pour les versions vulnérables de Cisco Firepower System)
Cisco	N/A	Advanced Malware Protection (AMP) for Networks, 8000 Series Appliances (voir sur le site du constructeur pour les versions vulnérables de Cisco Firepower System)
Cisco	Adaptive Security Appliance	Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services (voir sur le site du constructeur pour les versions vulnérables de Cisco Firepower System)
Cisco	N/A	Cisco ISA 3000 Industrial Security Appliance (voir sur le site du constructeur pour les versions vulnérables de Cisco ASA)
Cisco	N/A	Sourcefire 3D System Appliances (voir sur le site du constructeur pour les versions vulnérables de Cisco Firepower System)
Cisco	N/A	Virtual Next-Generation Intrusion Prevention System (NGIPSv) for VMware (voir sur le site du constructeur pour les versions vulnérables de Cisco Firepower System)
Cisco	N/A	Cisco Adaptive Security Virtual Appliance (ASAv, voir sur le site du constructeur pour les versions vulnérables de Cisco ASA)
Cisco	N/A	Cisco ASA 1000V Cloud Firewall (voir sur le site du constructeur pour les versions vulnérables de Cisco ASA)
Cisco	N/A	Firepower 4100 Series Security Appliances (voir sur le site du constructeur pour les versions vulnérables de Cisco Firepower System)
Cisco	N/A	Advanced Malware Protection (AMP) for Networks, 7000 Series Appliances (voir sur le site du constructeur pour les versions vulnérables de Cisco Firepower System)
Cisco	N/A	Cisco ASA Services Module pour les commutateurs Cisco Catalyst séries 6500 et les routeurs Cisco séries 7600 (voir sur le site du constructeur pour les versions vulnérables de Cisco ASA)
Cisco	Firepower Threat Defense	FirePOWER Threat Defense for Integrated Services Routers (ISRs, voir sur le site du constructeur pour les versions vulnérables de Cisco Firepower System)
Cisco	N/A	Industrial Security Appliance 3000 (voir sur le site du constructeur pour les versions vulnérables de Cisco Firepower System)
Cisco	N/A	FirePOWER 7000 Series Appliances (voir sur le site du constructeur pour les versions vulnérables de Cisco Firepower System)
Cisco	IOS XE	Cisco IOS et Cisco IOS XE avec le module EnergyWise activé, sans le dernier correctif de sécurité
Cisco	N/A	FirePOWER 8000 Series Appliances (voir sur le site du constructeur pour les versions vulnérables de Cisco Firepower System)
Cisco	N/A	Cisco Firepower 9300 ASA Security Module (voir sur le site du constructeur pour les versions vulnérables de Cisco ASA)
Cisco	N/A	Cisco ASA 5500-X Series Next-Generation Firewalls (voir sur le site du constructeur pour les versions vulnérables de Cisco ASA)

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-20170419-asa-xauth du 19 avril 2017	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20170419-asa-ipsec du 19 avril 2017	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20170419-asa-dns du 19 avril 2017	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20170419-energywise du 19 avril 2017	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20170419-fpsnort du 19 avril 2017	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20170419-ucm du 19 avril 2017	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20170419-asa-tls du 19 avril 2017	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20170419-asa-xauth du 19 avril 2017	-	other
Bulletin de sécurité Cisco cisco-sa-20170419-fpsnort du 19 avril 2017	-	other
Bulletin de sécurité Cisco cisco-sa-20170419-asa-ipsec du 19 avril 2017	-	other
Bulletin de sécurité Cisco cisco-sa-20170419-asa-tls du 19 avril 2017	-	other
Bulletin de sécurité Cisco cisco-sa-20170419-asa-dns du 19 avril 2017	-	other
Bulletin de sécurité Cisco cisco-sa-20170419-energywise du 19 avril 2017	-	other
Bulletin de sécurité Cisco cisco-sa-20170419-ucm du 19 avril 2017	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Adaptive Security Appliance (ASA) 5500-X Series Next-Generation Firewalls (voir sur le site du constructeur pour les versions vuln\u00e9rables de Cisco Firepower System)",
      "product": {
        "name": "Adaptive Security Appliance",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco ASA 5500 Series Adaptive Security Appliances (voir sur le site du constructeur pour les versions vuln\u00e9rables de Cisco ASA)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Manager (CallManager) sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Firepower 9300 Series Security Appliances (voir sur le site du constructeur pour les versions vuln\u00e9rables de Cisco Firepower System)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Advanced Malware Protection (AMP) for Networks, 8000 Series Appliances (voir sur le site du constructeur pour les versions vuln\u00e9rables de Cisco Firepower System)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services (voir sur le site du constructeur pour les versions vuln\u00e9rables de Cisco Firepower System)",
      "product": {
        "name": "Adaptive Security Appliance",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco ISA 3000 Industrial Security Appliance (voir sur le site du constructeur pour les versions vuln\u00e9rables de Cisco ASA)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Sourcefire 3D System Appliances (voir sur le site du constructeur pour les versions vuln\u00e9rables de Cisco Firepower System)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Virtual Next-Generation Intrusion Prevention System (NGIPSv) for VMware (voir sur le site du constructeur pour les versions vuln\u00e9rables de Cisco Firepower System)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Adaptive Security Virtual Appliance (ASAv, voir sur le site du constructeur pour les versions vuln\u00e9rables de Cisco ASA)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco ASA 1000V Cloud Firewall (voir sur le site du constructeur pour les versions vuln\u00e9rables de Cisco ASA)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Firepower 4100 Series Security Appliances (voir sur le site du constructeur pour les versions vuln\u00e9rables de Cisco Firepower System)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Advanced Malware Protection (AMP) for Networks, 7000 Series Appliances (voir sur le site du constructeur pour les versions vuln\u00e9rables de Cisco Firepower System)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco ASA Services Module pour les commutateurs Cisco Catalyst s\u00e9ries 6500 et les routeurs Cisco s\u00e9ries 7600 (voir sur le site du constructeur pour les versions vuln\u00e9rables de Cisco ASA)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "FirePOWER Threat Defense for Integrated Services Routers (ISRs, voir sur le site du constructeur pour les versions vuln\u00e9rables de Cisco Firepower System)",
      "product": {
        "name": "Firepower Threat Defense",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Industrial Security Appliance 3000 (voir sur le site du constructeur pour les versions vuln\u00e9rables de Cisco Firepower System)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "FirePOWER 7000 Series Appliances (voir sur le site du constructeur pour les versions vuln\u00e9rables de Cisco Firepower System)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco IOS et Cisco IOS XE avec le module EnergyWise activ\u00e9, sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "IOS XE",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "FirePOWER 8000 Series Appliances (voir sur le site du constructeur pour les versions vuln\u00e9rables de Cisco Firepower System)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Firepower 9300 ASA Security Module (voir sur le site du constructeur pour les versions vuln\u00e9rables de Cisco ASA)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco ASA 5500-X Series Next-Generation Firewalls (voir sur le site du constructeur pour les versions vuln\u00e9rables de Cisco ASA)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-3862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3862"
    },
    {
      "name": "CVE-2017-3863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3863"
    },
    {
      "name": "CVE-2017-3861",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3861"
    },
    {
      "name": "CVE-2017-6609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6609"
    },
    {
      "name": "CVE-2017-3808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3808"
    },
    {
      "name": "CVE-2016-6368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6368"
    },
    {
      "name": "CVE-2017-6608",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6608"
    },
    {
      "name": "CVE-2017-6607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6607"
    },
    {
      "name": "CVE-2017-3860",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3860"
    },
    {
      "name": "CVE-2017-6610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6610"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170419-asa-xauth du    19 avril 2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-xauth"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170419-fpsnort du 19    avril 2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-fpsnort"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170419-asa-ipsec du    19 avril 2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-ipsec"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170419-asa-tls du 19    avril 2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-tls"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170419-asa-dns du 19    avril 2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-dns"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170419-energywise du    19 avril 2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-energywise"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170419-ucm du 19    avril 2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ucm"
    }
  ],
  "reference": "CERTFR-2017-AVI-127",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-04-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170419-asa-xauth du 19 avril 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170419-asa-ipsec du 19 avril 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170419-asa-dns du 19 avril 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170419-energywise du 19 avril 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170419-fpsnort du 19 avril 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170419-ucm du 19 avril 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170419-asa-tls du 19 avril 2017",
      "url": null
    }
  ]
}

GSD-2017-3808

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-3808

Aliases

CVE-2017-3808

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-3808",
    "description": "A vulnerability in the Session Initiation Protocol (SIP) UDP throttling process of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate limiting protection. An attacker could exploit this vulnerability by sending the affected device a high rate of SIP messages. An exploit could allow the attacker to cause the device to reload unexpectedly. The device and services will restart automatically. This vulnerability affects Cisco Unified Communications Manager (CallManager) releases prior to the first fixed release; the following list indicates the first minor release that includes the fix for this vulnerability: 10.5.2.14900-16 11.0.1.23900-5 11.5.1.12900-2. Cisco Bug IDs: CSCuz72455.",
    "id": "GSD-2017-3808"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-3808"
      ],
      "details": "A vulnerability in the Session Initiation Protocol (SIP) UDP throttling process of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate limiting protection. An attacker could exploit this vulnerability by sending the affected device a high rate of SIP messages. An exploit could allow the attacker to cause the device to reload unexpectedly. The device and services will restart automatically. This vulnerability affects Cisco Unified Communications Manager (CallManager) releases prior to the first fixed release; the following list indicates the first minor release that includes the fix for this vulnerability: 10.5.2.14900-16 11.0.1.23900-5 11.5.1.12900-2. Cisco Bug IDs: CSCuz72455.",
      "id": "GSD-2017-3808",
      "modified": "2023-12-13T01:21:16.678951Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2017-3808",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Cisco Unified Communications Manager",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Cisco Unified Communications Manager"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability in the Session Initiation Protocol (SIP) UDP throttling process of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate limiting protection. An attacker could exploit this vulnerability by sending the affected device a high rate of SIP messages. An exploit could allow the attacker to cause the device to reload unexpectedly. The device and services will restart automatically. This vulnerability affects Cisco Unified Communications Manager (CallManager) releases prior to the first fixed release; the following list indicates the first minor release that includes the fix for this vulnerability: 10.5.2.14900-16 11.0.1.23900-5 11.5.1.12900-2. Cisco Bug IDs: CSCuz72455."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-119"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1038318",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1038318"
          },
          {
            "name": "97922",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/97922"
          },
          {
            "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ucm",
            "refsource": "CONFIRM",
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ucm"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(1.99995.9\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:11.0\\(1.10000.10\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:10.0_base:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:10.5_base:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.2\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(0.98000.88\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:11.0\\(0.98000.225\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:10.0\\(1.10000.12\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2.12901.1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(1.98991.13\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2.13900.9\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2.10000.5\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(0.98000.486\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(0.98000.480\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:11.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(0.99838.4\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(3.10000.9\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.10000.6\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.12000.1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.11007.2\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-3808"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A vulnerability in the Session Initiation Protocol (SIP) UDP throttling process of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate limiting protection. An attacker could exploit this vulnerability by sending the affected device a high rate of SIP messages. An exploit could allow the attacker to cause the device to reload unexpectedly. The device and services will restart automatically. This vulnerability affects Cisco Unified Communications Manager (CallManager) releases prior to the first fixed release; the following list indicates the first minor release that includes the fix for this vulnerability: 10.5.2.14900-16 11.0.1.23900-5 11.5.1.12900-2. Cisco Bug IDs: CSCuz72455."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ucm",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ucm"
            },
            {
              "name": "97922",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/97922"
            },
            {
              "name": "1038318",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1038318"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2017-07-11T01:33Z",
      "publishedDate": "2017-04-20T22:59Z"
    }
  }
}

VAR-201704-0646

Vulnerability from variot - Updated: 2023-12-18 13:57

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201704-0646",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "11.5\\(1.2\\)"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "11.5\\(0.98000.486\\)"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "11.0\\(1.10000.10\\)"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "10.5\\(0.98000.88\\)"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "10.5\\(2.12901.1\\)"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "11.5\\(0.98000.480\\)"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "10.5\\(1.99995.9\\)"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "10.5\\(1.98991.13\\)"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "11.5\\(1.11007.2\\)"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "11.5\\(1.10000.6\\)"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "10.5\\(3.10000.9\\)"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "10.5_base"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "10.0_base"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "10.0\\(1.10000.12\\)"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.5\\(0.99838.4\\)"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.5\\(1.12000.1\\)"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.5.0"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.0\\(0.98000.225\\)"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "10.5\\(2.13900.9\\)"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "10.5\\(2.10000.5\\)"
      },
      {
        "model": "unified communications manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5(1.10000.6)"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.0(1.10000.10)"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(2.10000.5)"
      },
      {
        "model": "unified communications manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5(1.12900.2)"
      },
      {
        "model": "unified communications manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.0(1.23900.5)"
      },
      {
        "model": "unified communications manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(2.14900.16)"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "97922"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003368"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3808"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-1070"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(1.99995.9\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:11.0\\(1.10000.10\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:10.0_base:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:10.5_base:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.2\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(0.98000.88\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:11.0\\(0.98000.225\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:10.0\\(1.10000.12\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2.12901.1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(1.98991.13\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2.13900.9\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2.10000.5\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(0.98000.486\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(0.98000.480\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:11.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(0.99838.4\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(3.10000.9\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.10000.6\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.12000.1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.11007.2\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-3808"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "97922"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-3808",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.8,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2017-3808",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-112011",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2017-3808",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-3808",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201704-1070",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-112011",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-112011"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003368"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3808"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-1070"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability in the Session Initiation Protocol (SIP) UDP throttling process of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate limiting protection. An attacker could exploit this vulnerability by sending the affected device a high rate of SIP messages. An exploit could allow the attacker to cause the device to reload unexpectedly. The device and services will restart automatically. This vulnerability affects Cisco Unified Communications Manager (CallManager) releases prior to the first fixed release; the following list indicates the first minor release that includes the fix for this vulnerability: 10.5.2.14900-16 11.0.1.23900-5 11.5.1.12900-2. Cisco Bug IDs: CSCuz72455. Cisco Unified Communications Manager (Cisco Unified CM) Contains a buffer error vulnerability. Vendors have confirmed this vulnerability Bug ID CSCuz72455 It is released as.Service operation interruption (DoS) An attack may be carried out. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-3808"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003368"
      },
      {
        "db": "BID",
        "id": "97922"
      },
      {
        "db": "VULHUB",
        "id": "VHN-112011"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-3808",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "97922",
        "trust": 1.4
      },
      {
        "db": "SECTRACK",
        "id": "1038318",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003368",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-1070",
        "trust": 0.7
      },
      {
        "db": "NSFOCUS",
        "id": "36493",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-112011",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-112011"
      },
      {
        "db": "BID",
        "id": "97922"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003368"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3808"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-1070"
      }
    ]
  },
  "id": "VAR-201704-0646",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-112011"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:57:25.881000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20170419-ucm",
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170419-ucm"
      },
      {
        "title": "Cisco Unified Communications Manager Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=69462"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003368"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-1070"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-112011"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003368"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3808"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170419-ucm"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/97922"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1038318"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3808"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3808"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/36493"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/en/us/products/sw/voicesw/ps556/index.html"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-112011"
      },
      {
        "db": "BID",
        "id": "97922"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003368"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3808"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-1070"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-112011"
      },
      {
        "db": "BID",
        "id": "97922"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003368"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3808"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-1070"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-04-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-112011"
      },
      {
        "date": "2017-04-19T00:00:00",
        "db": "BID",
        "id": "97922"
      },
      {
        "date": "2017-05-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-003368"
      },
      {
        "date": "2017-04-20T22:59:00.277000",
        "db": "NVD",
        "id": "CVE-2017-3808"
      },
      {
        "date": "2017-04-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201704-1070"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-112011"
      },
      {
        "date": "2017-05-02T01:06:00",
        "db": "BID",
        "id": "97922"
      },
      {
        "date": "2017-05-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-003368"
      },
      {
        "date": "2017-07-11T01:33:43.580000",
        "db": "NVD",
        "id": "CVE-2017-3808"
      },
      {
        "date": "2017-04-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201704-1070"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-1070"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Unified Communications Manager Buffer error vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003368"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-1070"
      }
    ],
    "trust": 0.6
  }
}

GHSA-GRGM-FW5H-3QW3

Vulnerability from github – Published: 2022-05-17 02:32 – Updated: 2022-05-17 02:32

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-3808"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-04-20T22:59:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in the Session Initiation Protocol (SIP) UDP throttling process of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate limiting protection. An attacker could exploit this vulnerability by sending the affected device a high rate of SIP messages. An exploit could allow the attacker to cause the device to reload unexpectedly. The device and services will restart automatically. This vulnerability affects Cisco Unified Communications Manager (CallManager) releases prior to the first fixed release; the following list indicates the first minor release that includes the fix for this vulnerability: 10.5.2.14900-16 11.0.1.23900-5 11.5.1.12900-2. Cisco Bug IDs: CSCuz72455.",
  "id": "GHSA-grgm-fw5h-3qw3",
  "modified": "2022-05-17T02:32:18Z",
  "published": "2022-05-17T02:32:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3808"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ucm"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/97922"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1038318"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-3808 (GCVE-0-2017-3808)

FKIE_CVE-2017-3808

CNVD-2017-06011

CERTFR-2017-AVI-127

Solution

CERTFR-2017-AVI-127

Solution

GSD-2017-3808

VAR-201704-0646

GHSA-GRGM-FW5H-3QW3

Tags

Sightings

Nomenclature