CVE-2017-6648

A vulnerability in the Session Initiation Protocol (SIP) of the Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause a TelePresence endpoint to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of flow-control mechanisms within the software. An attacker could exploit this vulnerability by sending a flood of SIP INVITE packets to the affected device. An exploit could allow the attacker to impact the availability of services and data of the device, including a complete DoS condition. This vulnerability affects the following Cisco TC and CE platforms when running software versions prior to TC 7.3.8 and CE 8.3.0. Cisco Bug IDs: CSCux94002.

CVSS v3.0 7.5 HIGH
CVSS v2.0 7.8 HIGH

7.5^/10

CVSS v3.0 : HIGH

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

7.8^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-tele	Vendor Advisory
http://www.securityfocus.com/bid/98934	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1038624

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:telepresence_tc_software:5.1.4:::::::*
	cpe:2.3:a:cisco:telepresence_tc_software:6.0.2:::::::*
	cpe:2.3:a:cisco:telepresence_tc_software:6.3.2:::::::*
	cpe:2.3:a:cisco:telepresence_tc_software:4.1_base:::::::*
	cpe:2.3:a:cisco:telepresence_tc_software:6.1.1-cucm:::::::*
	cpe:2.3:a:cisco:telepresence_tc_software:7.3.2:::::::*
	cpe:2.3:a:cisco:telepresence_tc_software:5.1_base:::::::*
	cpe:2.3:a:cisco:telepresence_tc_software:5.1.3-cucm:::::::*
	cpe:2.3:a:cisco:telepresence_tc_software:5.1.6-cucm:::::::*
	cpe:2.3:a:cisco:telepresence_tc_software:5.1.7:::::::*
	cpe:2.3:a:cisco:telepresence_tc_software:7.1.4:::::::*
	cpe:2.3:a:cisco:telepresence_tc_software:6.0.3:::::::*
	cpe:2.3:a:cisco:telepresence_tc_software:5.1.5-cucm:::::::*
	cpe:2.3:a:cisco:telepresence_tc_software:7.3.7:::::::*
	cpe:2.3:a:cisco:telepresence_tc_software:7.2.1:::::::*
	cpe:2.3:a:cisco:telepresence_tc_software:6.1.2-cucm:::::::*
	cpe:2.3:a:cisco:telepresence_tc_software:7.2.0:::::::*
	cpe:2.3:a:cisco:telepresence_tc_software:8.2.0:::::::*
	cpe:2.3:a:cisco:telepresence_tc_software:6.0.1-cucm:::::::*
	cpe:2.3:a:cisco:telepresence_tc_software:3.1_base:::::::*
	cpe:2.3:a:cisco:telepresence_tc_software:6.3.0:::::::*
	cpe:2.3:a:cisco:telepresence_tc_software:5.0.2-cucm:::::::*
	cpe:2.3:a:cisco:telepresence_tc_software:7.1.2:::::::*
	cpe:2.3:a:cisco:telepresence_tc_software:6.3.5:::::::*
	cpe:2.3:a:cisco:telepresence_tc_software:4.1.2:::::::*
	cpe:2.3:a:cisco:telepresence_tc_software:4.2.0:::::::*
	cpe:2.3:a:cisco:telepresence_tc_software:7.1.0:::::::*
	cpe:2.3:a:cisco:telepresence_tc_software:7.3.6:::::::*
	cpe:2.3:a:cisco:telepresence_tc_software:5.1.11:::::::*
	cpe:2.3:a:cisco:telepresence_tc_software:6.1.0:::::::*
	cpe:2.3:a:cisco:telepresence_tc_software:6.3.1:::::::*
	cpe:2.3:a:cisco:telepresence_tc_software:4.2.1:::::::*
	cpe:2.3:a:cisco:telepresence_tc_software:7.3.0:::::::*
	cpe:2.3:a:cisco:telepresence_tc_software:7.3.1:::::::*
	cpe:2.3:a:cisco:telepresence_tc_software:6.1.1:::::::*
	cpe:2.3:a:cisco:telepresence_tc_software:6.0.0:::::::*
	cpe:2.3:a:cisco:telepresence_tc_software:4.1.0:::::::*
	cpe:2.3:a:cisco:telepresence_tc_software:5.1.6:::::::*
	cpe:2.3:a:cisco:telepresence_tc_software:5.1.5:::::::*
	cpe:2.3:a:cisco:telepresence_tc_software:5.1.4-cucm:::::::*
	cpe:2.3:a:cisco:telepresence_tc_software:6.1_base:::::::*
	cpe:2.3:a:cisco:telepresence_tc_software:6.3.3:::::::*
	cpe:2.3:a:cisco:telepresence_tc_software:6.0.0-cucm:::::::*
	cpe:2.3:a:cisco:telepresence_tc_software:6.3.4:::::::*
	cpe:2.3:a:cisco:telepresence_tc_software:5.1.3:::::::*
	cpe:2.3:a:cisco:telepresence_tc_software:4.1.1:::::::*
	cpe:2.3:a:cisco:telepresence_tc_software:4.2_base:::::::*
	cpe:2.3:a:cisco:telepresence_tc_software:6.1.4:::::::*
	cpe:2.3:a:cisco:telepresence_tc_software:4.2.3:::::::*
	cpe:2.3:a:cisco:telepresence_ce_software:8.2.2:::::::*
	cpe:2.3:a:cisco:telepresence_tc_software:5.1.7-cucm:::::::*
	cpe:2.3:a:cisco:telepresence_tc_software:5.1.13:::::::*
	cpe:2.3:a:cisco:telepresence_tc_software:6.1.0-cucm:::::::*
	cpe:2.3:a:cisco:telepresence_tc_software:6.0.1:::::::*
	cpe:2.3:a:cisco:telepresence_tc_software:4.2.2:::::::*
	cpe:2.3:a:cisco:telepresence_tc_software:3.1.5:::::::*
	cpe:2.3:a:cisco:telepresence_tc_software:5.0_base:::::::*
	cpe:2.3:a:cisco:telepresence_tc_software:6.1.2:::::::*
	cpe:2.3:a:cisco:telepresence_tc_software:7.1.1:::::::*
	cpe:2.3:a:cisco:telepresence_tc_software:6.0.4:::::::*
	cpe:2.3:a:cisco:telepresence_tc_software:6.0_base:::::::*
	cpe:2.3:a:cisco:telepresence_tc_software:5.0.2:::::::*
	cpe:2.3:a:cisco:telepresence_tc_software:8.2.1:::::::*
	cpe:2.3:a:cisco:telepresence_tc_software:6.1.3:::::::*
cpe:2.3:a:cisco:telepresence_tc_software:7.1.3:::::::*
cpe:2.3:a:cisco:telepresence_tc_software:4.2.4:::::::*
cpe:2.3:a:cisco:telepresence_tc_software:7.3.3:::::::*

Information

Published : 2017-06-08 06:29

Updated : 2019-10-02 17:03

NVD link : CVE-2017-6648

Mitre link : CVE-2017-6648

JSON object : View

CWE

NVD-CWE-noinfo

Products Affected

cisco

telepresence_ce_software
telepresence_tc_software

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

7.8 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

JSON object

Attach tags to CVE-2017-6648

7.5^/10

7.8^/10

Attach tags to `CVE-2017-6648`