CVE-2017-6648

A vulnerability in the Session Initiation Protocol (SIP) of the Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause a TelePresence endpoint to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of flow-control mechanisms within the software. An attacker could exploit this vulnerability by sending a flood of SIP INVITE packets to the affected device. An exploit could allow the attacker to impact the availability of services and data of the device, including a complete DoS condition. This vulnerability affects the following Cisco TC and CE platforms when running software versions prior to TC 7.3.8 and CE 8.3.0. Cisco Bug IDs: CSCux94002.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
ciscoCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 71%
VendorProductVersion
ciscotelepresence_ce_software
8.2.2
ciscotelepresence_tc_software
3.1.5
ciscotelepresence_tc_software
3.1_base:_base
ciscotelepresence_tc_software
4.1.0
ciscotelepresence_tc_software
4.1.1
ciscotelepresence_tc_software
4.1.2
ciscotelepresence_tc_software
4.1_base:_base
ciscotelepresence_tc_software
4.2.0
ciscotelepresence_tc_software
4.2.1
ciscotelepresence_tc_software
4.2.2
ciscotelepresence_tc_software
4.2.3
ciscotelepresence_tc_software
4.2.4
ciscotelepresence_tc_software
4.2_base:_base
ciscotelepresence_tc_software
5.0.2
ciscotelepresence_tc_software
5.0.2-cucm
ciscotelepresence_tc_software
5.0_base:_base
ciscotelepresence_tc_software
5.1.3
ciscotelepresence_tc_software
5.1.3-cucm
ciscotelepresence_tc_software
5.1.4
ciscotelepresence_tc_software
5.1.4-cucm
ciscotelepresence_tc_software
5.1.5
ciscotelepresence_tc_software
5.1.5-cucm
ciscotelepresence_tc_software
5.1.6
ciscotelepresence_tc_software
5.1.6-cucm
ciscotelepresence_tc_software
5.1.7
ciscotelepresence_tc_software
5.1.7-cucm
ciscotelepresence_tc_software
5.1.11
ciscotelepresence_tc_software
5.1.13
ciscotelepresence_tc_software
5.1_base:_base
ciscotelepresence_tc_software
6.0.0
ciscotelepresence_tc_software
6.0.0-cucm
ciscotelepresence_tc_software
6.0.1
ciscotelepresence_tc_software
6.0.1-cucm
ciscotelepresence_tc_software
6.0.2
ciscotelepresence_tc_software
6.0.3
ciscotelepresence_tc_software
6.0.4
ciscotelepresence_tc_software
6.0_base:_base
ciscotelepresence_tc_software
6.1.0
ciscotelepresence_tc_software
6.1.0-cucm
ciscotelepresence_tc_software
6.1.1
ciscotelepresence_tc_software
6.1.1-cucm
ciscotelepresence_tc_software
6.1.2
ciscotelepresence_tc_software
6.1.2-cucm
ciscotelepresence_tc_software
6.1.3
ciscotelepresence_tc_software
6.1.4
ciscotelepresence_tc_software
6.1_base:_base
ciscotelepresence_tc_software
6.3.0
ciscotelepresence_tc_software
6.3.1
ciscotelepresence_tc_software
6.3.2
ciscotelepresence_tc_software
6.3.3
ciscotelepresence_tc_software
6.3.4
ciscotelepresence_tc_software
6.3.5
ciscotelepresence_tc_software
7.1.0
ciscotelepresence_tc_software
7.1.1
ciscotelepresence_tc_software
7.1.2
ciscotelepresence_tc_software
7.1.3
ciscotelepresence_tc_software
7.1.4
ciscotelepresence_tc_software
7.2.0
ciscotelepresence_tc_software
7.2.1
ciscotelepresence_tc_software
7.3.0
ciscotelepresence_tc_software
7.3.1
ciscotelepresence_tc_software
7.3.2
ciscotelepresence_tc_software
7.3.3
ciscotelepresence_tc_software
7.3.6
ciscotelepresence_tc_software
7.3.7
ciscotelepresence_tc_software
8.2.0
ciscotelepresence_tc_software
8.2.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/98934
http://www.securitytracker.com/id/1038624
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-tele
http://www.securityfocus.com/bid/98934
http://www.securitytracker.com/id/1038624
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-tele