CVE-2017-6790 (GCVE-0-2017-6790)

Vulnerability from cvelistv5 – Published: 2017-08-17 20:00 – Updated: 2024-09-16 23:56
VLAI?
Summary
A vulnerability in the Session Initiation Protocol (SIP) on the Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the targeted appliance. The vulnerability is due to excessive SIP traffic sent to the device. An attacker could exploit this vulnerability by transmitting large volumes of SIP traffic to the VCS. An exploit could allow the attacker to cause a complete DoS condition on the targeted system. Cisco Bug IDs: CSCve32897.
Severity ?
No CVSS data available.
CWE
  • Denial of Service
Assigner
References
http://www.securityfocus.com/bid/100369 vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1039185 vdb-entryx_refsource_SECTRACK
https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
Impacted products
Vendor Product Version
Cisco Systems, Inc. TelePresence Video Communication Server (VCS) Affected: n/a
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:41:17.580Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "100369",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/100369"
          },
          {
            "name": "1039185",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039185"
          },
          {
            "name": "20170816 Cisco TelePresence Video Communication Server Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-vcs"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "TelePresence Video Communication Server (VCS)",
          "vendor": "Cisco Systems, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-08-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Session Initiation Protocol (SIP) on the Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the targeted appliance. The vulnerability is due to excessive SIP traffic sent to the device. An attacker could exploit this vulnerability by transmitting large volumes of SIP traffic to the VCS. An exploit could allow the attacker to cause a complete DoS condition on the targeted system. Cisco Bug IDs: CSCve32897."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of Service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-18T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "100369",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/100369"
        },
        {
          "name": "1039185",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039185"
        },
        {
          "name": "20170816 Cisco TelePresence Video Communication Server Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-vcs"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2017-08-16T00:00:00",
          "ID": "CVE-2017-6790",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "TelePresence Video Communication Server (VCS)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco Systems, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Session Initiation Protocol (SIP) on the Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the targeted appliance. The vulnerability is due to excessive SIP traffic sent to the device. An attacker could exploit this vulnerability by transmitting large volumes of SIP traffic to the VCS. An exploit could allow the attacker to cause a complete DoS condition on the targeted system. Cisco Bug IDs: CSCve32897."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "100369",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/100369"
            },
            {
              "name": "1039185",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039185"
            },
            {
              "name": "20170816 Cisco TelePresence Video Communication Server Denial of Service Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-vcs"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2017-6790",
    "datePublished": "2017-08-17T20:00:00Z",
    "dateReserved": "2017-03-09T00:00:00",
    "dateUpdated": "2024-09-16T23:56:09.789Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BD644623-840C-424C-82EE-20FC01A9E56E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DE9E2322-4D18-4C17-8D4C-011E8B0ECAAD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B267B94B-700C-428F-AAA9-C695B8F2DFF8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F8FAFCD6-50DE-452F-A0F9-B95EE7511001\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3B7F04B1-DF6A-4749-B8D4-A13DE3DD3E07\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D997B3DF-3CC4-495B-AAAA-5A0D60A3CBE3\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability in the Session Initiation Protocol (SIP) on the Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the targeted appliance. The vulnerability is due to excessive SIP traffic sent to the device. An attacker could exploit this vulnerability by transmitting large volumes of SIP traffic to the VCS. An exploit could allow the attacker to cause a complete DoS condition on the targeted system. Cisco Bug IDs: CSCve32897.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad en Session Initiation Protocol (SIP) de Cisco TelePresence Video Communication Server (VCS) podr\\u00eda permitir que un atacante remoto sin autenticar provoque una denegaci\\u00f3n de servicio (DoS) en un aparato objetivo. La vulnerabilidad se debe a que se env\\u00eda al dispositivo una cantidad excesiva de tr\\u00e1fico SIP. Un atacante podr\\u00eda explotar esta vulnerabilidad transmitiendo grandes vol\\u00famenes de tr\\u00e1fico SIP al VCS. Un exploit podr\\u00eda permitir que un atacante provoque un DoS total en el sistema objetivo. Cisco Bug IDs: CSCve32897.\"}]",
      "id": "CVE-2017-6790",
      "lastModified": "2024-11-21T03:30:32.043",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H\", \"baseScore\": 6.8, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 4.0}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:N/A:C\", \"baseScore\": 7.1, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-08-17T20:29:00.947",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/100369\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1039185\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-vcs\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/100369\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1039185\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-vcs\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-6790\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2017-08-17T20:29:00.947\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the Session Initiation Protocol (SIP) on the Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the targeted appliance. The vulnerability is due to excessive SIP traffic sent to the device. An attacker could exploit this vulnerability by transmitting large volumes of SIP traffic to the VCS. An exploit could allow the attacker to cause a complete DoS condition on the targeted system. Cisco Bug IDs: CSCve32897.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en Session Initiation Protocol (SIP) de Cisco TelePresence Video Communication Server (VCS) podr\u00eda permitir que un atacante remoto sin autenticar provoque una denegaci\u00f3n de servicio (DoS) en un aparato objetivo. La vulnerabilidad se debe a que se env\u00eda al dispositivo una cantidad excesiva de tr\u00e1fico SIP. Un atacante podr\u00eda explotar esta vulnerabilidad transmitiendo grandes vol\u00famenes de tr\u00e1fico SIP al VCS. Un exploit podr\u00eda permitir que un atacante provoque un DoS total en el sistema objetivo. Cisco Bug IDs: CSCve32897.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":4.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:C\",\"baseScore\":7.1,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD644623-840C-424C-82EE-20FC01A9E56E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE9E2322-4D18-4C17-8D4C-011E8B0ECAAD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B267B94B-700C-428F-AAA9-C695B8F2DFF8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8FAFCD6-50DE-452F-A0F9-B95EE7511001\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B7F04B1-DF6A-4749-B8D4-A13DE3DD3E07\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D997B3DF-3CC4-495B-AAAA-5A0D60A3CBE3\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/100369\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039185\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-vcs\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/100369\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039185\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-vcs\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.