Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveCiscoCVE-2018-0139
HistoryFeb 22, 2018 - 12:29 a.m.

CVE-2018-0139

2018-02-2200:29:00
CWE-20
cisco
web.nvd.nist.gov
25
cve-2018-0139
vulnerability
ivr
management
connection interface
cisco
unified customer voice portal
cvp
remote attacker
denial of service
dos
cisco bug ids
cscve70560

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

AI Score

8.3

Confidence

High

EPSS

0.002

Percentile

62.0%

JSON

A vulnerability in the Interactive Voice Response (IVR) management connection interface for Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to cause the IVR connection to disconnect, creating a system-wide denial of service (DoS) condition. The vulnerability is due to improper handling of a TCP connection request when the IVR connection is already established. An attacker could exploit this vulnerability by initiating a crafted connection to the IP address of the targeted CVP device. An exploit could allow the attacker to disconnect the IVR to CVP connection, creating a DoS condition that prevents the CVP from accepting new, incoming calls while the IVR automatically attempts to re-establish the connection to the CVP. This vulnerability affects Cisco Unified Customer Voice Portal (CVP) Software Release 11.5(1). Cisco Bug IDs: CSCve70560.

Affected configurations

Nvd
Node
ciscounified_customer_voice_portalMatch11.5\(1\)
OR
ciscounified_customer_voice_portalMatch11.6
VendorProductVersionCPE
ciscounified_customer_voice_portal11.5(1)cpe:2.3:a:cisco:unified_customer_voice_portal:11.5\(1\):*:*:*:*:*:*:*
ciscounified_customer_voice_portal11.6cpe:2.3:a:cisco:unified_customer_voice_portal:11.6:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Cisco Unified Customer Voice Portal",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco Unified Customer Voice Portal"
      }
    ]
  }
]

Related

cvelist 1
nvd 1
cisco 1
prion 1
cvelist
cvelist
CVE-2018-0139
2018-02-22 00:00:00
nvd
nvd
CVE-2018-0139
2018-02-22 00:29:00
cisco
cisco
Cisco Unified Customer Voice Portal Interactive Voice Response Connection Denial of Service Vulnerability
2018-02-21 16:00:00
prion
prion
Race condition
2018-02-22 00:29:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

AI Score

8.3

Confidence

High

EPSS

0.002

Percentile

62.0%

JSON
Related for CVE-2018-0139
cvelist1nvd1cisco1prion1