CVE-2018-0086

{"id": "CVE-2018-0086", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 3.9}]}, "published": "2018-01-18T06:29:00.317", "references": [{"url": "http://www.securityfocus.com/bid/102745", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1040220", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-cvp", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-400"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the application server of the Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to malformed SIP INVITE traffic received on the CVP during communications with the Cisco Virtualized Voice Browser (VVB). An attacker could exploit this vulnerability by sending malformed SIP INVITE traffic to the targeted appliance. An exploit could allow the attacker to impact the availability of services and data on the device, causing a DoS condition. This vulnerability affects Cisco Unified CVP running any software release prior to 11.6(1). Cisco Bug IDs: CSCve85840."}, {"lang": "es", "value": "Una vulnerabilidad en el servidor de aplicaciones de Cisco Unified Customer Voice Portal (CVP) podr\u00eda permitir que un atacante remoto sin autenticar provoque una denegaci\u00f3n de servicio (DoS) en el dispositivo afectado. La vulnerabilidad se debe al tr\u00e1fico SIP INVITE mal formado recibido en el CVP durante las comunicaciones con Cisco Virtualized Voice Browser (VVB). Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de un tr\u00e1fico SIP INVITE mal formado a trav\u00e9s del dispositivo objetivo. Su explotaci\u00f3n podr\u00eda permitir que el atacante provoque un impacto en la disponibilidad de los servicios y datos en el dispositivo, causando una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Esta vulnerabilidad afecta a Cisco Unified CVP que ejecuten cualquier distribuci\u00f3n anterior a 11.6(1). Cisco Bug IDs: CSCve85840."}], "lastModified": "2019-10-09T23:31:12.097", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:unified_customer_voice_portal:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "539D8A85-EBCD-4E25-9A69-F4F76747265C", "versionEndIncluding": "11.5"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}