Main Vulnerability Database Vulnerabilities #VU5393

Buffer overflow in Cisco Systems, Inc products - CVE-2017-3792

Published: January 25, 2017 / Updated: January 26, 2017

Vulnerability identifier: #VU5393

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2017-3792

CWE-ID: CWE-119

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Cisco Systems, Inc

Affected software:
TelePresence MCU 4500
TelePresence MCU MSE 8510
TelePresence MCU 5300 Series
TelePresence Software

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error within device driver in the kernel of Cisco TelePresence Multipoint Control Unit (MCU) Software when reassembling fragmented IPv4 and IPv6 packets. A remote unauthenticated attacker can send a series of specially crafted fragmented IPv4 or IPv6 packets to a port receiving content in Passthrough content mode, trigger buffer overflow and execute arbitrary code on the target system or cause denial of service.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

How to mitigate CVE-2017-3792

Install TelePresence Software 4.5(1.89).

Sources

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170125-telepresence

Buffer overflow in Cisco Systems, Inc products - CVE-2017-3792

Detailed vulnerability description

How to mitigate CVE-2017-3792

Sources

Please verify you're human