Main Vulnerability Database SB2017050508

SB2017050508 - Denial of service in Cisco Telepresence Software

Published: May 5, 2017

Security Bulletin ID SB2017050508

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Partial DoS

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Denial of service (CVE-ID: CVE-2017-3825)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.

The weakness exists due to incomplete input validation for the size of a received ICMP packet. A remote attacker can send a specially crafted ICMP packet to the local IP address, affect either IPv4 or IPv6 ICMP traffic and cause the TelePresence endpoint to reload.

Successful exploitation of the vulnerability results in denial of service.

Remediation

Install update from vendor's website.

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-ctp