cvelistv5 - cve-2017-3825

CVE-2017-3825 (GCVE-0-2017-3825)

Vulnerability from cvelistv5 – Published: 2017-05-16 17:00 – Updated: 2024-08-05 14:39

Summary

A vulnerability in the ICMP ingress packet processing of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause the TelePresence endpoint to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation for the size of a received ICMP packet. An attacker could exploit this vulnerability by sending a crafted ICMP packet to the local IP address of the targeted endpoint. A successful exploit could allow the attacker to cause a DoS of the TelePresence endpoint, during which time calls could be dropped. This vulnerability would affect either IPv4 or IPv6 ICMP traffic. This vulnerability affects the following Cisco TelePresence products when running software release CE8.1.1, CE8.2.0, CE8.2.1, CE8.2.2, CE 8.3.0, or CE8.3.1: Spark Room OS, TelePresence DX Series, TelePresence MX Series, TelePresence SX Quick Set Series, TelePresence SX Series. Cisco Bug IDs: CSCvb95396.

Severity ?

No CVSS data available.

CWE

CWE-20

Assigner

cisco

References

URL

Tags

	http://www.securityfocus.com/bid/98293	vdb-entryx_refsource_BID
	https://tools.cisco.com/security/center/content/C…	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1038392	vdb-entryx_refsource_SECTRACK

Impacted products

	Vendor	Product	Version
	n/a	Cisco TelePresence	Affected: Cisco TelePresence

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:39:41.091Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "98293",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/98293"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-ctp"
          },
          {
            "name": "1038392",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038392"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco TelePresence",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco TelePresence"
            }
          ]
        }
      ],
      "datePublic": "2017-05-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the ICMP ingress packet processing of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause the TelePresence endpoint to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation for the size of a received ICMP packet. An attacker could exploit this vulnerability by sending a crafted ICMP packet to the local IP address of the targeted endpoint. A successful exploit could allow the attacker to cause a DoS of the TelePresence endpoint, during which time calls could be dropped. This vulnerability would affect either IPv4 or IPv6 ICMP traffic. This vulnerability affects the following Cisco TelePresence products when running software release CE8.1.1, CE8.2.0, CE8.2.1, CE8.2.2, CE 8.3.0, or CE8.3.1: Spark Room OS, TelePresence DX Series, TelePresence MX Series, TelePresence SX Quick Set Series, TelePresence SX Series. Cisco Bug IDs: CSCvb95396."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "98293",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/98293"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-ctp"
        },
        {
          "name": "1038392",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038392"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-3825",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco TelePresence",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco TelePresence"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the ICMP ingress packet processing of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause the TelePresence endpoint to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation for the size of a received ICMP packet. An attacker could exploit this vulnerability by sending a crafted ICMP packet to the local IP address of the targeted endpoint. A successful exploit could allow the attacker to cause a DoS of the TelePresence endpoint, during which time calls could be dropped. This vulnerability would affect either IPv4 or IPv6 ICMP traffic. This vulnerability affects the following Cisco TelePresence products when running software release CE8.1.1, CE8.2.0, CE8.2.1, CE8.2.2, CE 8.3.0, or CE8.3.1: Spark Room OS, TelePresence DX Series, TelePresence MX Series, TelePresence SX Quick Set Series, TelePresence SX Series. Cisco Bug IDs: CSCvb95396."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "98293",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/98293"
            },
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-ctp",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-ctp"
            },
            {
              "name": "1038392",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038392"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2017-3825",
    "datePublished": "2017-05-16T17:00:00",
    "dateReserved": "2016-12-21T00:00:00",
    "dateUpdated": "2024-08-05T14:39:41.091Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_ce:8.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1DA23C42-4078-4C0F-9E5D-1EEE1C00F1D9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_ce:8.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"99F6385C-9C5D-4DE9-BCC7-F906AC70CA5B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_ce:8.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5DB604DB-F42B-4503-89EB-8973D238B5EE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_tc:4.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FE3EA16B-A4D0-4D04-9BA6-B22BFDF0F07D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_tc:4.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"06A5398C-0E8D-4E88-8158-C477E0D783C7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_tc:4.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"83EA4A25-FD65-4426-A1D8-F443A26C6629\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_tc:4.2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F974368A-E789-45C6-ACAF-3568B6654DEA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_tc:4.2.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5EE7EFB5-A298-496F-9453-B5D6E9D8ECC4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_tc:5.1.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D30CD095-C26C-4F37-8250-ADA28033912C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_tc:5.1.13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8D0F6315-A9E3-436F-A307-C0837C289C21\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_tc:6.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4E26D49F-1625-4316-8642-C19AA7E0F7BA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_tc:6.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C5A22321-5104-4A7E-800A-893A6D4084F4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_tc:6.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"75C14AD1-1551-45F4-AE1B-A6E53A712B52\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_tc:6.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2DA36D2C-D23E-4042-AF27-EE9BA05DED7A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_tc:6.1.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2D77931B-65B6-4CD5-B59B-5E2A3DD9B94D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_tc:6.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1F0D1FB3-94F1-45D6-9F83-36956DD11397\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_tc:6.3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9693373F-39EF-4EFC-9D0F-D67D601495B9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_tc:6.3.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1B322FAE-BFD5-46EB-9964-BA40BB2802B1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_tc:6.3.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A30C4B86-7A76-45EC-808E-86E90D8BF4C4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_tc:6.3.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4F01B38D-CCEF-457F-BB2D-8A4E054B38A1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_tc:7.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8ED08A5E-9067-4337-81F7-ED1BBC983F46\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_tc:7.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D1B2019C-1603-4080-9AE9-91EC0031BAA0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_tc:7.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1F3FBAFD-8290-4A2E-B030-BE003BC9842A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_tc:7.1.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"64E7D084-F536-4C9B-809D-05AF57359463\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_tc:7.3.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F8692F9C-D9C1-412A-8CA0-04DA37509819\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_tc:7.3.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E73BF2C9-F26F-471C-A566-8EE06FECBB7C\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability in the ICMP ingress packet processing of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause the TelePresence endpoint to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation for the size of a received ICMP packet. An attacker could exploit this vulnerability by sending a crafted ICMP packet to the local IP address of the targeted endpoint. A successful exploit could allow the attacker to cause a DoS of the TelePresence endpoint, during which time calls could be dropped. This vulnerability would affect either IPv4 or IPv6 ICMP traffic. This vulnerability affects the following Cisco TelePresence products when running software release CE8.1.1, CE8.2.0, CE8.2.1, CE8.2.2, CE 8.3.0, or CE8.3.1: Spark Room OS, TelePresence DX Series, TelePresence MX Series, TelePresence SX Quick Set Series, TelePresence SX Series. Cisco Bug IDs: CSCvb95396.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad en el procesamiento de paquetes de ingreso ICMP del software TelePresence Collaboration Endpoint (CE) de Cisco , podr\\u00eda permitir a un atacante remoto no autenticado causar que el endpoint TelePresence se recargue inesperadamente, resultando en una condici\\u00f3n de negaci\\u00f3n de servicio (DoS). La vulnerabilidad es debido a una comprobaci\\u00f3n de entrada incompleta para el tama\\u00f1o de un paquete ICMP recibido. Un atacante podr\\u00eda explotar esta vulnerabilidad mediante el env\\u00edo de un paquete ICMP dise\\u00f1ado hacia la direcci\\u00f3n IP local del endpoint. Una explotaci\\u00f3n con \\u00e9xito podr\\u00eda permitir que el atacante causar una DoS del endpoint TelePresence, durante el cual las llamadas del tiempo pudieron ser perdidas. Esta vulnerabilidad afectar\\u00eda al tr\\u00e1fico ICMP de IPv4 o IPv6. Esta vulnerabilidad afecta a los siguientes productos TelePresence de Cisco cuando se ejecuta la versi\\u00f3n de software CE8.1.1, CE8.2.0, CE8.2.1, CE8.2.2, CE 8.3.0, o CE8.3.1: Spark Room OS, TelePresence DX Series, TelePresence MX Series, TelePresence SX Serie Quick Set, TelePresence SX Series. ID de bug de Cisco: CSCvb95396.\"}]",
      "id": "CVE-2017-3825",
      "lastModified": "2024-11-21T03:26:11.413",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-05-16T17:29:00.183",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/98293\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1038392\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-ctp\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/98293\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1038392\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-ctp\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"ykramarz@cisco.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-3825\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2017-05-16T17:29:00.183\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the ICMP ingress packet processing of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause the TelePresence endpoint to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation for the size of a received ICMP packet. An attacker could exploit this vulnerability by sending a crafted ICMP packet to the local IP address of the targeted endpoint. A successful exploit could allow the attacker to cause a DoS of the TelePresence endpoint, during which time calls could be dropped. This vulnerability would affect either IPv4 or IPv6 ICMP traffic. This vulnerability affects the following Cisco TelePresence products when running software release CE8.1.1, CE8.2.0, CE8.2.1, CE8.2.2, CE 8.3.0, or CE8.3.1: Spark Room OS, TelePresence DX Series, TelePresence MX Series, TelePresence SX Quick Set Series, TelePresence SX Series. Cisco Bug IDs: CSCvb95396.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en el procesamiento de paquetes de ingreso ICMP del software TelePresence Collaboration Endpoint (CE) de Cisco , podr\u00eda permitir a un atacante remoto no autenticado causar que el endpoint TelePresence se recargue inesperadamente, resultando en una condici\u00f3n de negaci\u00f3n de servicio (DoS). La vulnerabilidad es debido a una comprobaci\u00f3n de entrada incompleta para el tama\u00f1o de un paquete ICMP recibido. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de un paquete ICMP dise\u00f1ado hacia la direcci\u00f3n IP local del endpoint. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir que el atacante causar una DoS del endpoint TelePresence, durante el cual las llamadas del tiempo pudieron ser perdidas. Esta vulnerabilidad afectar\u00eda al tr\u00e1fico ICMP de IPv4 o IPv6. Esta vulnerabilidad afecta a los siguientes productos TelePresence de Cisco cuando se ejecuta la versi\u00f3n de software CE8.1.1, CE8.2.0, CE8.2.1, CE8.2.2, CE 8.3.0, o CE8.3.1: Spark Room OS, TelePresence DX Series, TelePresence MX Series, TelePresence SX Serie Quick Set, TelePresence SX Series. ID de bug de Cisco: CSCvb95396.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"psirt@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_ce:8.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1DA23C42-4078-4C0F-9E5D-1EEE1C00F1D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_ce:8.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99F6385C-9C5D-4DE9-BCC7-F906AC70CA5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_ce:8.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5DB604DB-F42B-4503-89EB-8973D238B5EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_tc:4.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE3EA16B-A4D0-4D04-9BA6-B22BFDF0F07D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_tc:4.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"06A5398C-0E8D-4E88-8158-C477E0D783C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_tc:4.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83EA4A25-FD65-4426-A1D8-F443A26C6629\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_tc:4.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F974368A-E789-45C6-ACAF-3568B6654DEA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_tc:4.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5EE7EFB5-A298-496F-9453-B5D6E9D8ECC4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_tc:5.1.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D30CD095-C26C-4F37-8250-ADA28033912C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_tc:5.1.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D0F6315-A9E3-436F-A307-C0837C289C21\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_tc:6.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E26D49F-1625-4316-8642-C19AA7E0F7BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_tc:6.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5A22321-5104-4A7E-800A-893A6D4084F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_tc:6.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"75C14AD1-1551-45F4-AE1B-A6E53A712B52\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_tc:6.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2DA36D2C-D23E-4042-AF27-EE9BA05DED7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_tc:6.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D77931B-65B6-4CD5-B59B-5E2A3DD9B94D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_tc:6.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F0D1FB3-94F1-45D6-9F83-36956DD11397\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_tc:6.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9693373F-39EF-4EFC-9D0F-D67D601495B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_tc:6.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B322FAE-BFD5-46EB-9964-BA40BB2802B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_tc:6.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A30C4B86-7A76-45EC-808E-86E90D8BF4C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_tc:6.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F01B38D-CCEF-457F-BB2D-8A4E054B38A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_tc:7.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8ED08A5E-9067-4337-81F7-ED1BBC983F46\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_tc:7.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1B2019C-1603-4080-9AE9-91EC0031BAA0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_tc:7.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F3FBAFD-8290-4A2E-B030-BE003BC9842A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_tc:7.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"64E7D084-F536-4C9B-809D-05AF57359463\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_tc:7.3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8692F9C-D9C1-412A-8CA0-04DA37509819\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_tc:7.3.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E73BF2C9-F26F-471C-A566-8EE06FECBB7C\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/98293\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038392\",\"source\":\"psirt@cisco.com\"},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-ctp\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/98293\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038392\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-ctp\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

GHSA-GPH7-6885-3FM2

Vulnerability from github – Published: 2022-05-17 02:32 – Updated: 2022-05-17 02:32

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-3825"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-05-16T17:29:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in the ICMP ingress packet processing of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause the TelePresence endpoint to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation for the size of a received ICMP packet. An attacker could exploit this vulnerability by sending a crafted ICMP packet to the local IP address of the targeted endpoint. A successful exploit could allow the attacker to cause a DoS of the TelePresence endpoint, during which time calls could be dropped. This vulnerability would affect either IPv4 or IPv6 ICMP traffic. This vulnerability affects the following Cisco TelePresence products when running software release CE8.1.1, CE8.2.0, CE8.2.1, CE8.2.2, CE 8.3.0, or CE8.3.1: Spark Room OS, TelePresence DX Series, TelePresence MX Series, TelePresence SX Quick Set Series, TelePresence SX Series. Cisco Bug IDs: CSCvb95396.",
  "id": "GHSA-gph7-6885-3fm2",
  "modified": "2022-05-17T02:32:17Z",
  "published": "2022-05-17T02:32:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3825"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-ctp"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/98293"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1038392"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CERTFR-2017-AVI-139

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	N/A	Cisco CVR100W Wireless-N VPN Router versions antérieures à 1.0.1.24
Cisco	N/A	Cisco TelePresence Collaboration Endpoint (CE) versions antérieures à 8.3.2
Cisco	IOS XR	Cisco IOS XR versions 6.1.x antérieures à 6.1.2
Cisco	N/A	Cisco Aironet 1800, 2800, 3800 Access Points versions 8.3.x antérieures à 8.3.112.0

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-20170503-cvr100w2 du 03 mai 2017	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20170503-ios-xr du 03 mai 2017	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20170503-cvr100w1 du 03 mai 2017	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20170503-ctp du 03 mai 2017	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20170503-cme du 03 mai 2017	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20170503-ctp du 03 mai 2017	-	other
Bulletin de sécurité Cisco cisco-sa-20170503-cvr100w2 du 03 mai 2017	-	other
Bulletin de sécurité Cisco cisco-sa-20170503-cme du 03 mai 2017	-	other
Bulletin de sécurité Cisco cisco-sa-20170503-ios-xr du 03 mai 2017	-	other
Bulletin de sécurité Cisco cisco-sa-20170503-cvr100w1 du 03 mai 2017	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco CVR100W Wireless-N VPN Router versions ant\u00e9rieures \u00e0 1.0.1.24",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco TelePresence Collaboration Endpoint (CE) versions ant\u00e9rieures \u00e0 8.3.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco IOS XR versions 6.1.x ant\u00e9rieures \u00e0 6.1.2",
      "product": {
        "name": "IOS XR",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Aironet 1800, 2800, 3800 Access Points versions 8.3.x ant\u00e9rieures \u00e0 8.3.112.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-6620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6620"
    },
    {
      "name": "CVE-2017-3873",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3873"
    },
    {
      "name": "CVE-2017-3825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3825"
    },
    {
      "name": "CVE-2017-3876",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3876"
    },
    {
      "name": "CVE-2017-3882",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3882"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170503-ctp du 03 mai    2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-ctp"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170503-cvr100w2 du 03    mai 2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cvr100w2"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170503-cme du 03 mai    2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cme"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170503-ios-xr du 03    mai 2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-ios-xr"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170503-cvr100w1 du 03    mai 2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cvr100w1"
    }
  ],
  "reference": "CERTFR-2017-AVI-139",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-05-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170503-cvr100w2 du 03 mai 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170503-ios-xr du 03 mai 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170503-cvr100w1 du 03 mai 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170503-ctp du 03 mai 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170503-cme du 03 mai 2017",
      "url": null
    }
  ]
}

CERTFR-2017-AVI-139

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	N/A	Cisco CVR100W Wireless-N VPN Router versions antérieures à 1.0.1.24
Cisco	N/A	Cisco TelePresence Collaboration Endpoint (CE) versions antérieures à 8.3.2
Cisco	IOS XR	Cisco IOS XR versions 6.1.x antérieures à 6.1.2
Cisco	N/A	Cisco Aironet 1800, 2800, 3800 Access Points versions 8.3.x antérieures à 8.3.112.0

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-20170503-cvr100w2 du 03 mai 2017	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20170503-ios-xr du 03 mai 2017	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20170503-cvr100w1 du 03 mai 2017	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20170503-ctp du 03 mai 2017	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20170503-cme du 03 mai 2017	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20170503-ctp du 03 mai 2017	-	other
Bulletin de sécurité Cisco cisco-sa-20170503-cvr100w2 du 03 mai 2017	-	other
Bulletin de sécurité Cisco cisco-sa-20170503-cme du 03 mai 2017	-	other
Bulletin de sécurité Cisco cisco-sa-20170503-ios-xr du 03 mai 2017	-	other
Bulletin de sécurité Cisco cisco-sa-20170503-cvr100w1 du 03 mai 2017	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco CVR100W Wireless-N VPN Router versions ant\u00e9rieures \u00e0 1.0.1.24",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco TelePresence Collaboration Endpoint (CE) versions ant\u00e9rieures \u00e0 8.3.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco IOS XR versions 6.1.x ant\u00e9rieures \u00e0 6.1.2",
      "product": {
        "name": "IOS XR",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Aironet 1800, 2800, 3800 Access Points versions 8.3.x ant\u00e9rieures \u00e0 8.3.112.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-6620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6620"
    },
    {
      "name": "CVE-2017-3873",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3873"
    },
    {
      "name": "CVE-2017-3825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3825"
    },
    {
      "name": "CVE-2017-3876",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3876"
    },
    {
      "name": "CVE-2017-3882",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3882"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170503-ctp du 03 mai    2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-ctp"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170503-cvr100w2 du 03    mai 2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cvr100w2"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170503-cme du 03 mai    2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cme"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170503-ios-xr du 03    mai 2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-ios-xr"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170503-cvr100w1 du 03    mai 2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cvr100w1"
    }
  ],
  "reference": "CERTFR-2017-AVI-139",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-05-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170503-cvr100w2 du 03 mai 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170503-ios-xr du 03 mai 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170503-cvr100w1 du 03 mai 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170503-ctp du 03 mai 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170503-cme du 03 mai 2017",
      "url": null
    }
  ]
}

GSD-2017-3825

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-3825

Aliases

CVE-2017-3825

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-3825",
    "description": "A vulnerability in the ICMP ingress packet processing of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause the TelePresence endpoint to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation for the size of a received ICMP packet. An attacker could exploit this vulnerability by sending a crafted ICMP packet to the local IP address of the targeted endpoint. A successful exploit could allow the attacker to cause a DoS of the TelePresence endpoint, during which time calls could be dropped. This vulnerability would affect either IPv4 or IPv6 ICMP traffic. This vulnerability affects the following Cisco TelePresence products when running software release CE8.1.1, CE8.2.0, CE8.2.1, CE8.2.2, CE 8.3.0, or CE8.3.1: Spark Room OS, TelePresence DX Series, TelePresence MX Series, TelePresence SX Quick Set Series, TelePresence SX Series. Cisco Bug IDs: CSCvb95396.",
    "id": "GSD-2017-3825"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-3825"
      ],
      "details": "A vulnerability in the ICMP ingress packet processing of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause the TelePresence endpoint to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation for the size of a received ICMP packet. An attacker could exploit this vulnerability by sending a crafted ICMP packet to the local IP address of the targeted endpoint. A successful exploit could allow the attacker to cause a DoS of the TelePresence endpoint, during which time calls could be dropped. This vulnerability would affect either IPv4 or IPv6 ICMP traffic. This vulnerability affects the following Cisco TelePresence products when running software release CE8.1.1, CE8.2.0, CE8.2.1, CE8.2.2, CE 8.3.0, or CE8.3.1: Spark Room OS, TelePresence DX Series, TelePresence MX Series, TelePresence SX Quick Set Series, TelePresence SX Series. Cisco Bug IDs: CSCvb95396.",
      "id": "GSD-2017-3825",
      "modified": "2023-12-13T01:21:16.781655Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2017-3825",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Cisco TelePresence",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Cisco TelePresence"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability in the ICMP ingress packet processing of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause the TelePresence endpoint to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation for the size of a received ICMP packet. An attacker could exploit this vulnerability by sending a crafted ICMP packet to the local IP address of the targeted endpoint. A successful exploit could allow the attacker to cause a DoS of the TelePresence endpoint, during which time calls could be dropped. This vulnerability would affect either IPv4 or IPv6 ICMP traffic. This vulnerability affects the following Cisco TelePresence products when running software release CE8.1.1, CE8.2.0, CE8.2.1, CE8.2.2, CE 8.3.0, or CE8.3.1: Spark Room OS, TelePresence DX Series, TelePresence MX Series, TelePresence SX Quick Set Series, TelePresence SX Series. Cisco Bug IDs: CSCvb95396."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-20"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "98293",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/98293"
          },
          {
            "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-ctp",
            "refsource": "CONFIRM",
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-ctp"
          },
          {
            "name": "1038392",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1038392"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc:7.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc:6.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc:4.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc:6.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc:7.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc:5.1.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc:6.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_ce:8.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc:6.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc:6.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc:7.3.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc:5.1.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc:7.3.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc:7.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc:4.2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc:6.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc:6.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_ce:8.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc:6.3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc:4.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc:6.3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc:7.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc:4.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_ce:8.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc:4.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc:6.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-3825"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A vulnerability in the ICMP ingress packet processing of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause the TelePresence endpoint to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation for the size of a received ICMP packet. An attacker could exploit this vulnerability by sending a crafted ICMP packet to the local IP address of the targeted endpoint. A successful exploit could allow the attacker to cause a DoS of the TelePresence endpoint, during which time calls could be dropped. This vulnerability would affect either IPv4 or IPv6 ICMP traffic. This vulnerability affects the following Cisco TelePresence products when running software release CE8.1.1, CE8.2.0, CE8.2.1, CE8.2.2, CE 8.3.0, or CE8.3.1: Spark Room OS, TelePresence DX Series, TelePresence MX Series, TelePresence SX Quick Set Series, TelePresence SX Series. Cisco Bug IDs: CSCvb95396."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-ctp",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-ctp"
            },
            {
              "name": "98293",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/98293"
            },
            {
              "name": "1038392",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1038392"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2017-07-11T01:33Z",
      "publishedDate": "2017-05-16T17:29Z"
    }
  }
}

VAR-201705-3294

Vulnerability from variot - Updated: 2023-12-18 13:24

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201705-3294",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "telepresence ce",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "8.0.0"
      },
      {
        "model": "telepresence tc",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "7.1.4"
      },
      {
        "model": "telepresence tc",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "6.3.2"
      },
      {
        "model": "telepresence tc",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "4.2.2"
      },
      {
        "model": "telepresence tc",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "4.2.4"
      },
      {
        "model": "telepresence tc",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "7.1.1"
      },
      {
        "model": "telepresence tc",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "7.1.3"
      },
      {
        "model": "telepresence tc",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "6.3.5"
      },
      {
        "model": "telepresence tc",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "6.0.2"
      },
      {
        "model": "telepresence tc",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "6.0.4"
      },
      {
        "model": "telepresence tc",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.1.13"
      },
      {
        "model": "telepresence tc",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.1.11"
      },
      {
        "model": "telepresence tc",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.0.3"
      },
      {
        "model": "telepresence tc",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.1.3"
      },
      {
        "model": "telepresence tc",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "4.2.0"
      },
      {
        "model": "telepresence tc",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.1.4"
      },
      {
        "model": "telepresence tc",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.3.7"
      },
      {
        "model": "telepresence ce",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "8.1.0"
      },
      {
        "model": "telepresence tc",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.3.4"
      },
      {
        "model": "telepresence tc",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.1.2"
      },
      {
        "model": "telepresence tc",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "4.2.1"
      },
      {
        "model": "telepresence tc",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "4.2.3"
      },
      {
        "model": "telepresence tc",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.3.6"
      },
      {
        "model": "telepresence tc",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.3.3"
      },
      {
        "model": "telepresence ce",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "8.2.0"
      },
      {
        "model": "telepresence tc",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.3.1"
      },
      {
        "model": "telepresence ce software",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "8.1.1"
      },
      {
        "model": "telepresence ce software",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "8.2.0"
      },
      {
        "model": "telepresence ce software",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "8.2.1"
      },
      {
        "model": "telepresence ce software",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "8.2.2"
      },
      {
        "model": "telepresence ce software",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "8.3.0"
      },
      {
        "model": "telepresence ce software",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "8.3.1"
      },
      {
        "model": "telepresence sx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence sx quick set series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence mx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence integrator c series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.1.2"
      },
      {
        "model": "telepresence dx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence collaboration endpoint",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence ce8.3.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "telepresence ce8.2.2",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "telepresence ce8.2.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "telepresence ce8.2.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "telepresence ce8.1.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "spark room os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence integrator c series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.0.1"
      },
      {
        "model": "telepresence integrator c series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.3.2"
      },
      {
        "model": "telepresence collaboration endpoint",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.3.2"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "98293"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004132"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3825"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-268"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc:7.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc:6.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc:4.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc:6.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc:7.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc:5.1.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc:6.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_ce:8.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc:6.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc:6.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc:7.3.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc:5.1.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc:7.3.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc:7.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc:4.2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc:6.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc:6.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_ce:8.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc:6.3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc:4.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc:6.3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc:7.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc:4.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_ce:8.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc:4.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc:6.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-3825"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "98293"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-268"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2017-3825",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2017-3825",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-112028",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2017-3825",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-3825",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201705-268",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-112028",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-112028"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004132"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3825"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-268"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability in the ICMP ingress packet processing of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause the TelePresence endpoint to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation for the size of a received ICMP packet. An attacker could exploit this vulnerability by sending a crafted ICMP packet to the local IP address of the targeted endpoint. A successful exploit could allow the attacker to cause a DoS of the TelePresence endpoint, during which time calls could be dropped. This vulnerability would affect either IPv4 or IPv6 ICMP traffic. This vulnerability affects the following Cisco TelePresence products when running software release CE8.1.1, CE8.2.0, CE8.2.1, CE8.2.2, CE 8.3.0, or CE8.3.1: Spark Room OS, TelePresence DX Series, TelePresence MX Series, TelePresence SX Quick Set Series, TelePresence SX Series. Cisco Bug IDs: CSCvb95396. Vendors have confirmed this vulnerability Bug ID CSCvb95396 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. \nAn attacker can exploit this issue to cause a denial of service condition, denying service to legitimate users. Cisco TelePresence DX Series and so on are the video terminal equipment of American Cisco Company. Cisco Spark Room OS is an operating system",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-3825"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004132"
      },
      {
        "db": "BID",
        "id": "98293"
      },
      {
        "db": "VULHUB",
        "id": "VHN-112028"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-3825",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "98293",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1038392",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004132",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-268",
        "trust": 0.7
      },
      {
        "db": "NSFOCUS",
        "id": "36612",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-112028",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-112028"
      },
      {
        "db": "BID",
        "id": "98293"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004132"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3825"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-268"
      }
    ]
  },
  "id": "VAR-201705-3294",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-112028"
      }
    ],
    "trust": 0.52526317
  },
  "last_update_date": "2023-12-18T13:24:27.129000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20170503-ctp",
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170503-ctp"
      },
      {
        "title": "Multiple Cisco product TelePresence Collaboration Endpoint Software Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=69872"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004132"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-268"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-112028"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004132"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3825"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170503-ctp"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/98293"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1038392"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3825"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3825"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/36612"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-112028"
      },
      {
        "db": "BID",
        "id": "98293"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004132"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3825"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-268"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-112028"
      },
      {
        "db": "BID",
        "id": "98293"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004132"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3825"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-268"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-05-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-112028"
      },
      {
        "date": "2017-05-03T00:00:00",
        "db": "BID",
        "id": "98293"
      },
      {
        "date": "2017-06-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-004132"
      },
      {
        "date": "2017-05-16T17:29:00.183000",
        "db": "NVD",
        "id": "CVE-2017-3825"
      },
      {
        "date": "2017-05-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201705-268"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-112028"
      },
      {
        "date": "2017-05-23T16:23:00",
        "db": "BID",
        "id": "98293"
      },
      {
        "date": "2017-06-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-004132"
      },
      {
        "date": "2017-07-11T01:33:43.673000",
        "db": "NVD",
        "id": "CVE-2017-3825"
      },
      {
        "date": "2017-05-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201705-268"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-268"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco TelePresence Collaboration Endpoint Software input validation vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004132"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-268"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2017-3825

Vulnerability from fkie_nvd - Published: 2017-05-16 17:29 - Updated: 2025-04-20 01:37

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
psirt@cisco.com	http://www.securityfocus.com/bid/98293	Third Party Advisory, VDB Entry
psirt@cisco.com	http://www.securitytracker.com/id/1038392
psirt@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-ctp	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/98293	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1038392
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-ctp	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	telepresence_ce	8.0.0
cisco	telepresence_ce	8.1.0
cisco	telepresence_ce	8.2.0
cisco	telepresence_tc	4.2.0
cisco	telepresence_tc	4.2.1
cisco	telepresence_tc	4.2.2
cisco	telepresence_tc	4.2.3
cisco	telepresence_tc	4.2.4
cisco	telepresence_tc	5.1.11
cisco	telepresence_tc	5.1.13
cisco	telepresence_tc	6.0.2
cisco	telepresence_tc	6.0.3
cisco	telepresence_tc	6.0.4
cisco	telepresence_tc	6.1.3
cisco	telepresence_tc	6.1.4
cisco	telepresence_tc	6.3.1
cisco	telepresence_tc	6.3.2
cisco	telepresence_tc	6.3.3
cisco	telepresence_tc	6.3.4
cisco	telepresence_tc	6.3.5
cisco	telepresence_tc	7.1.1
cisco	telepresence_tc	7.1.2
cisco	telepresence_tc	7.1.3
cisco	telepresence_tc	7.1.4
cisco	telepresence_tc	7.3.6
cisco	telepresence_tc	7.3.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_ce:8.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DA23C42-4078-4C0F-9E5D-1EEE1C00F1D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_ce:8.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "99F6385C-9C5D-4DE9-BCC7-F906AC70CA5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_ce:8.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DB604DB-F42B-4503-89EB-8973D238B5EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_tc:4.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE3EA16B-A4D0-4D04-9BA6-B22BFDF0F07D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_tc:4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "06A5398C-0E8D-4E88-8158-C477E0D783C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_tc:4.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "83EA4A25-FD65-4426-A1D8-F443A26C6629",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_tc:4.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F974368A-E789-45C6-ACAF-3568B6654DEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_tc:4.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EE7EFB5-A298-496F-9453-B5D6E9D8ECC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_tc:5.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "D30CD095-C26C-4F37-8250-ADA28033912C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_tc:5.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D0F6315-A9E3-436F-A307-C0837C289C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_tc:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E26D49F-1625-4316-8642-C19AA7E0F7BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_tc:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5A22321-5104-4A7E-800A-893A6D4084F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_tc:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "75C14AD1-1551-45F4-AE1B-A6E53A712B52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_tc:6.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DA36D2C-D23E-4042-AF27-EE9BA05DED7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_tc:6.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D77931B-65B6-4CD5-B59B-5E2A3DD9B94D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_tc:6.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F0D1FB3-94F1-45D6-9F83-36956DD11397",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_tc:6.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9693373F-39EF-4EFC-9D0F-D67D601495B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_tc:6.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B322FAE-BFD5-46EB-9964-BA40BB2802B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_tc:6.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A30C4B86-7A76-45EC-808E-86E90D8BF4C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_tc:6.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F01B38D-CCEF-457F-BB2D-8A4E054B38A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_tc:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ED08A5E-9067-4337-81F7-ED1BBC983F46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_tc:7.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1B2019C-1603-4080-9AE9-91EC0031BAA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_tc:7.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F3FBAFD-8290-4A2E-B030-BE003BC9842A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_tc:7.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "64E7D084-F536-4C9B-809D-05AF57359463",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_tc:7.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8692F9C-D9C1-412A-8CA0-04DA37509819",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_tc:7.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E73BF2C9-F26F-471C-A566-8EE06FECBB7C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the ICMP ingress packet processing of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause the TelePresence endpoint to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation for the size of a received ICMP packet. An attacker could exploit this vulnerability by sending a crafted ICMP packet to the local IP address of the targeted endpoint. A successful exploit could allow the attacker to cause a DoS of the TelePresence endpoint, during which time calls could be dropped. This vulnerability would affect either IPv4 or IPv6 ICMP traffic. This vulnerability affects the following Cisco TelePresence products when running software release CE8.1.1, CE8.2.0, CE8.2.1, CE8.2.2, CE 8.3.0, or CE8.3.1: Spark Room OS, TelePresence DX Series, TelePresence MX Series, TelePresence SX Quick Set Series, TelePresence SX Series. Cisco Bug IDs: CSCvb95396."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el procesamiento de paquetes de ingreso ICMP del software TelePresence Collaboration Endpoint (CE) de Cisco , podr\u00eda permitir a un atacante remoto no autenticado causar que el endpoint TelePresence se recargue inesperadamente, resultando en una condici\u00f3n de negaci\u00f3n de servicio (DoS). La vulnerabilidad es debido a una comprobaci\u00f3n de entrada incompleta para el tama\u00f1o de un paquete ICMP recibido. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de un paquete ICMP dise\u00f1ado hacia la direcci\u00f3n IP local del endpoint. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir que el atacante causar una DoS del endpoint TelePresence, durante el cual las llamadas del tiempo pudieron ser perdidas. Esta vulnerabilidad afectar\u00eda al tr\u00e1fico ICMP de IPv4 o IPv6. Esta vulnerabilidad afecta a los siguientes productos TelePresence de Cisco cuando se ejecuta la versi\u00f3n de software CE8.1.1, CE8.2.0, CE8.2.1, CE8.2.2, CE 8.3.0, o CE8.3.1: Spark Room OS, TelePresence DX Series, TelePresence MX Series, TelePresence SX Serie Quick Set, TelePresence SX Series. ID de bug de Cisco: CSCvb95396."
    }
  ],
  "id": "CVE-2017-3825",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-05-16T17:29:00.183",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/98293"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id/1038392"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-ctp"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/98293"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1038392"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-ctp"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2017-06045

Vulnerability from cnvd - Published: 2017-05-07

Title

Cisco TelePresence ICMP拒绝服务漏洞

Description

Cisco TelePresence是思科网真解决方案，它为人们和各个场所以及工作生活各个方面的交互创造了一种独特的面对面体验，通过结合创新的视频、音频和交互式组件（软件和硬件）在网络上实现了这种体验。 Cisco TelePresence ICMP存在拒绝服务漏洞，由于对接收到的ICMP数据包的大小的输入未进行有效验证，远程攻击者未经身份验证可通过将精心设计的ICMP数据包发送到目标端点的本地IP地址，使TelePresence端点意外重载，导致拒绝服务。此漏洞将影响IPv4或IPv6 ICMP流量。

Severity

高

Patch Name

Cisco TelePresence ICMP拒绝服务漏洞的补丁

Patch Description

Formal description

用户可参考如下供应商提供的安全公告获得补丁信息： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-ctp

Reference

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3825

Impacted products

Name
Cisco TelePresence Collaboration Endpoint (CE) Software

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-3825"
    }
  },
  "description": "Cisco TelePresence\u662f\u601d\u79d1\u7f51\u771f\u89e3\u51b3\u65b9\u6848\uff0c\u5b83\u4e3a\u4eba\u4eec\u548c\u5404\u4e2a\u573a\u6240\u4ee5\u53ca\u5de5\u4f5c\u751f\u6d3b\u5404\u4e2a\u65b9\u9762\u7684\u4ea4\u4e92\u521b\u9020\u4e86\u4e00\u79cd\u72ec\u7279\u7684\u9762\u5bf9\u9762\u4f53\u9a8c\uff0c\u901a\u8fc7\u7ed3\u5408\u521b\u65b0\u7684\u89c6\u9891\u3001\u97f3\u9891\u548c\u4ea4\u4e92\u5f0f\u7ec4\u4ef6\uff08\u8f6f\u4ef6\u548c\u786c\u4ef6\uff09\u5728\u7f51\u7edc\u4e0a\u5b9e\u73b0\u4e86\u8fd9\u79cd\u4f53\u9a8c\u3002\r\n\r\nCisco TelePresence ICMP\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u7531\u4e8e\u5bf9\u63a5\u6536\u5230\u7684ICMP\u6570\u636e\u5305\u7684\u5927\u5c0f\u7684\u8f93\u5165\u672a\u8fdb\u884c\u6709\u6548\u9a8c\u8bc1\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u53ef\u901a\u8fc7\u5c06\u7cbe\u5fc3\u8bbe\u8ba1\u7684ICMP\u6570\u636e\u5305\u53d1\u9001\u5230\u76ee\u6807\u7aef\u70b9\u7684\u672c\u5730IP\u5730\u5740\uff0c\u4f7fTelePresence\u7aef\u70b9\u610f\u5916\u91cd\u8f7d\uff0c\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002 \u6b64\u6f0f\u6d1e\u5c06\u5f71\u54cdIPv4\u6216IPv6 ICMP\u6d41\u91cf\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-ctp",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-06045",
  "openTime": "2017-05-07",
  "patchDescription": "Cisco TelePresence\u662f\u601d\u79d1\u7f51\u771f\u89e3\u51b3\u65b9\u6848\uff0c\u5b83\u4e3a\u4eba\u4eec\u548c\u5404\u4e2a\u573a\u6240\u4ee5\u53ca\u5de5\u4f5c\u751f\u6d3b\u5404\u4e2a\u65b9\u9762\u7684\u4ea4\u4e92\u521b\u9020\u4e86\u4e00\u79cd\u72ec\u7279\u7684\u9762\u5bf9\u9762\u4f53\u9a8c\uff0c\u901a\u8fc7\u7ed3\u5408\u521b\u65b0\u7684\u89c6\u9891\u3001\u97f3\u9891\u548c\u4ea4\u4e92\u5f0f\u7ec4\u4ef6\uff08\u8f6f\u4ef6\u548c\u786c\u4ef6\uff09\u5728\u7f51\u7edc\u4e0a\u5b9e\u73b0\u4e86\u8fd9\u79cd\u4f53\u9a8c\u3002\r\n\r\nCisco TelePresence ICMP\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u7531\u4e8e\u5bf9\u63a5\u6536\u5230\u7684ICMP\u6570\u636e\u5305\u7684\u5927\u5c0f\u7684\u8f93\u5165\u672a\u8fdb\u884c\u6709\u6548\u9a8c\u8bc1\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u53ef\u901a\u8fc7\u5c06\u7cbe\u5fc3\u8bbe\u8ba1\u7684ICMP\u6570\u636e\u5305\u53d1\u9001\u5230\u76ee\u6807\u7aef\u70b9\u7684\u672c\u5730IP\u5730\u5740\uff0c\u4f7fTelePresence\u7aef\u70b9\u610f\u5916\u91cd\u8f7d\uff0c\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002\u6b64\u6f0f\u6d1e\u5c06\u5f71\u54cdIPv4\u6216IPv6 ICMP\u6d41\u91cf\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco TelePresence ICMP\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Cisco TelePresence Collaboration Endpoint (CE) Software"
  },
  "referenceLink": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3825",
  "serverity": "\u9ad8",
  "submitTime": "2017-05-05",
  "title": "Cisco TelePresence ICMP\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-3825 (GCVE-0-2017-3825)

GHSA-GPH7-6885-3FM2

CERTFR-2017-AVI-139

Solution

CERTFR-2017-AVI-139

Solution

GSD-2017-3825

VAR-201705-3294

FKIE_CVE-2017-3825

CNVD-2017-06045

Tags

Sightings

Nomenclature