Vulnerability Details : CVE-2018-0086
A vulnerability in the application server of the Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to malformed SIP INVITE traffic received on the CVP during communications with the Cisco Virtualized Voice Browser (VVB). An attacker could exploit this vulnerability by sending malformed SIP INVITE traffic to the targeted appliance. An exploit could allow the attacker to impact the availability of services and data on the device, causing a DoS condition. This vulnerability affects Cisco Unified CVP running any software release prior to 11.6(1). Cisco Bug IDs: CSCve85840.
Vulnerability category: Denial of service
Products affected by CVE-2018-0086
- cpe:2.3:a:cisco:unified_customer_voice_portal:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-0086
- 0.30%: probability of exploitation activity in the next 30 days
- ~69%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-0086
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
8.6 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H | 3.9 | 4.0 | NIST | |
CWE ids for CVE-2018-0086
- The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
  Assigned by:
  - nvd@nist.gov (Primary)
  - ykramarz@cisco.com (Secondary)
References for CVE-2018-0086
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-cvp
  Cisco Unified Customer Voice Portal Denial of Service Vulnerability (Vendor Advisory)
- http://www.securitytracker.com/id/1040220
  Cisco Unified Customer Voice Portal Application Server SIP INVITE Processing Flaw Lets Remote Users Deny Service - SecurityTracker (Third Party Advisory; VDB Entry)
- http://www.securityfocus.com/bid/102745
  Cisco Unified Customer Voice Portal CVE-2018-0086 Denial of Service Vulnerability (Third Party Advisory; VDB Entry)