CVE-2018-0086 - OpenCVE

A vulnerability in the application server of the Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to malformed SIP INVITE traffic received on the CVP during communications with the Cisco Virtualized Voice Browser (VVB). An attacker could exploit this vulnerability by sending malformed SIP INVITE traffic to the targeted appliance. An exploit could allow the attacker to impact the availability of services and data on the device, causing a DoS condition. This vulnerability affects Cisco Unified CVP running any software release prior to 11.6(1). Cisco Bug IDs: CSCve85840.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Unified Customer Voice Portal

Configuration 1 [-]

cpe:2.3:a:cisco:unified_customer_voice_portal:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/102745
http://www.securitytracker.com/id/1040220
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-cvp

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2018-01-18T06:00:00

Updated: 2024-08-05T03:14:16.599Z

Reserved: 2017-11-27T00:00:00

Link: CVE-2018-0086

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-01-18T06:29:00.317

Modified: 2019-10-09T23:31:12.097

Link: CVE-2018-0086

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Cisco Unified Customer Voice Portal", "vendor": "n/a", "versions": [{"status": "affected", "version": "Cisco Unified Customer Voice Portal"}]}], "datePublic": "2018-01-18T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the application server of the Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to malformed SIP INVITE traffic received on the CVP during communications with the Cisco Virtualized Voice Browser (VVB). An attacker could exploit this vulnerability by sending malformed SIP INVITE traffic to the targeted appliance. An exploit could allow the attacker to impact the availability of services and data on the device, causing a DoS condition. This vulnerability affects Cisco Unified CVP running any software release prior to 11.6(1). Cisco Bug IDs: CSCve85840."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "CWE-400", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-01-23T10:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "1040220", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1040220"}, {"name": "102745", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/102745"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-cvp"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2018-0086", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco Unified Customer Voice Portal", "version": {"version_data": [{"version_value": "Cisco Unified Customer Voice Portal"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the application server of the Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to malformed SIP INVITE traffic received on the CVP during communications with the Cisco Virtualized Voice Browser (VVB). An attacker could exploit this vulnerability by sending malformed SIP INVITE traffic to the targeted appliance. An exploit could allow the attacker to impact the availability of services and data on the device, causing a DoS condition. This vulnerability affects Cisco Unified CVP running any software release prior to 11.6(1). Cisco Bug IDs: CSCve85840."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-400"}]}]}, "references": {"reference_data": [{"name": "1040220", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040220"}, {"name": "102745", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102745"}, {"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-cvp", "refsource": "CONFIRM", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-cvp"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:14:16.599Z"}, "title": "CVE Program Container", "references": [{"name": "1040220", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1040220"}, {"name": "102745", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/102745"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-cvp"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2018-0086", "datePublished": "2018-01-18T06:00:00", "dateReserved": "2017-11-27T00:00:00", "dateUpdated": "2024-08-05T03:14:16.599Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:unified_customer_voice_portal:*:*:*:*:*:*:*:*", "matchCriteriaId": "539D8A85-EBCD-4E25-9A69-F4F76747265C", "versionEndIncluding": "11.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the application server of the Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to malformed SIP INVITE traffic received on the CVP during communications with the Cisco Virtualized Voice Browser (VVB). An attacker could exploit this vulnerability by sending malformed SIP INVITE traffic to the targeted appliance. An exploit could allow the attacker to impact the availability of services and data on the device, causing a DoS condition. This vulnerability affects Cisco Unified CVP running any software release prior to 11.6(1). Cisco Bug IDs: CSCve85840."}, {"lang": "es", "value": "Una vulnerabilidad en el servidor de aplicaciones de Cisco Unified Customer Voice Portal (CVP) podr\u00eda permitir que un atacante remoto sin autenticar provoque una denegaci\u00f3n de servicio (DoS) en el dispositivo afectado. La vulnerabilidad se debe al tr\u00e1fico SIP INVITE mal formado recibido en el CVP durante las comunicaciones con Cisco Virtualized Voice Browser (VVB). Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de un tr\u00e1fico SIP INVITE mal formado a trav\u00e9s del dispositivo objetivo. Su explotaci\u00f3n podr\u00eda permitir que el atacante provoque un impacto en la disponibilidad de los servicios y datos en el dispositivo, causando una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Esta vulnerabilidad afecta a Cisco Unified CVP que ejecuten cualquier distribuci\u00f3n anterior a 11.6(1). Cisco Bug IDs: CSCve85840."}], "id": "CVE-2018-0086", "lastModified": "2019-10-09T23:31:12.097", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-01-18T06:29:00.317", "references": [{"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/102745"}, {"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1040220"}, {"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-cvp"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-400"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}