Lucene search

CiscoCVE-2017-3792

HistoryFeb 01, 2017 - 7:59 p.m.

CVE-2017-3792

2017-02-0119:59:00

CWE-20

cisco

web.nvd.nist.gov

cisco

telepresence

cve-2017-3792

vulnerability

remote attacker

code execution

dos

software update

cisco bug ids

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.026

Percentile

90.3%

JSON

A vulnerability in a proprietary device driver in the kernel of Cisco TelePresence Multipoint Control Unit (MCU) Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. The vulnerability is due to improper size validation when reassembling fragmented IPv4 or IPv6 packets. An attacker could exploit this vulnerability by sending crafted IPv4 or IPv6 fragments to a port receiving content in Passthrough content mode. An exploit could allow the attacker to overflow a buffer. If successful, the attacker could execute arbitrary code or cause a DoS condition on the affected system. Cisco TelePresence MCU platforms TelePresence MCU 5300 Series, TelePresence MCU MSE 8510 and TelePresence MCU 4500 are affected when running software version 4.3(1.68) or later configured for Passthrough content mode. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available, but mitigations are available. Cisco Bug IDs: CSCuu67675.

Affected configurations

Nvd

Node

ciscotelepresence_mcu_4505Match-

ciscotelepresence_mcu_4510Match-

ciscotelepresence_mcu_4515Match-

ciscotelepresence_mcu_4520Match-

ciscotelepresence_mcu_5310Match-

ciscotelepresence_mcu_5320Match-

ciscotelepresence_mcu_mse_8510Match-

AND

ciscotelepresence_mcu_softwareMatch4.3_\(1.68\)

ciscotelepresence_mcu_softwareMatch4.3_\(2.18\)

ciscotelepresence_mcu_softwareMatch4.3_\(2.30\)

ciscotelepresence_mcu_softwareMatch4.3_\(2.32\)

ciscotelepresence_mcu_softwareMatch4.4_\(3.42\)

ciscotelepresence_mcu_softwareMatch4.4_\(3.49\)

ciscotelepresence_mcu_softwareMatch4.4_\(3.54\)

ciscotelepresence_mcu_softwareMatch4.4_\(3.57\)

ciscotelepresence_mcu_softwareMatch4.4_\(3.67\)

ciscotelepresence_mcu_softwareMatch4.5_\(1.45\)

ciscotelepresence_mcu_softwareMatch4.5_\(1.55\)

ciscotelepresence_mcu_softwareMatch4.5_\(1.71\)

ciscotelepresence_mcu_softwareMatch4.5_\(1.72\)

ciscotelepresence_mcu_softwareMatch4.5_\(1.85\)

VendorProductVersionCPE
ciscotelepresence_mcu_4505-cpe:2.3:h:cisco:telepresence_mcu_4505:-:*:*:*:*:*:*:*
ciscotelepresence_mcu_4510-cpe:2.3:h:cisco:telepresence_mcu_4510:-:*:*:*:*:*:*:*
ciscotelepresence_mcu_4515-cpe:2.3:h:cisco:telepresence_mcu_4515:-:*:*:*:*:*:*:*
ciscotelepresence_mcu_4520-cpe:2.3:h:cisco:telepresence_mcu_4520:-:*:*:*:*:*:*:*
ciscotelepresence_mcu_5310-cpe:2.3:h:cisco:telepresence_mcu_5310:-:*:*:*:*:*:*:*
ciscotelepresence_mcu_5320-cpe:2.3:h:cisco:telepresence_mcu_5320:-:*:*:*:*:*:*:*
ciscotelepresence_mcu_mse_8510-cpe:2.3:h:cisco:telepresence_mcu_mse_8510:-:*:*:*:*:*:*:*
ciscotelepresence_mcu_software4.3_(1.68)cpe:2.3:a:cisco:telepresence_mcu_software:4.3_\(1.68\):*:*:*:*:*:*:*
ciscotelepresence_mcu_software4.3_(2.18)cpe:2.3:a:cisco:telepresence_mcu_software:4.3_\(2.18\):*:*:*:*:*:*:*
ciscotelepresence_mcu_software4.3_(2.30)cpe:2.3:a:cisco:telepresence_mcu_software:4.3_\(2.30\):*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	telepresence_mcu_4505	-	cpe:2.3:h:cisco:telepresence_mcu_4505:-:::::::*
cisco	telepresence_mcu_4510	-	cpe:2.3:h:cisco:telepresence_mcu_4510:-:::::::*
cisco	telepresence_mcu_4515	-	cpe:2.3:h:cisco:telepresence_mcu_4515:-:::::::*
cisco	telepresence_mcu_4520	-	cpe:2.3:h:cisco:telepresence_mcu_4520:-:::::::*
cisco	telepresence_mcu_5310	-	cpe:2.3:h:cisco:telepresence_mcu_5310:-:::::::*
cisco	telepresence_mcu_5320	-	cpe:2.3:h:cisco:telepresence_mcu_5320:-:::::::*
cisco	telepresence_mcu_mse_8510	-	cpe:2.3:h:cisco:telepresence_mcu_mse_8510:-:::::::*
cisco	telepresence_mcu_software	4.3_(1.68)	cpe:2.3:a:cisco:telepresence_mcu_software:4.3_\(1.68\):::::::*
cisco	telepresence_mcu_software	4.3_(2.18)	cpe:2.3:a:cisco:telepresence_mcu_software:4.3_\(2.18\):::::::*
cisco	telepresence_mcu_software	4.3_(2.30)	cpe:2.3:a:cisco:telepresence_mcu_software:4.3_\(2.30\):::::::*

Rows per page:

1-10 of 211

CNA Affected

[
  {
    "product": "Cisco TelePresence Multipoint Control Unit (MCU) software version 4.3(1.68) or later configured for Passthrough content mode",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco TelePresence Multipoint Control Unit (MCU) software version 4.3(1.68) or later configured for Passthrough content mode"
      }
    ]
  }
]

References

www.securityfocus.com/bid/95787

www.securitytracker.com/id/1037698

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170125-telepresence

Social References

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.026

Percentile

90.3%

JSON

Related for CVE-2017-3792