CVE-2018-0086

CVE Database · CVE-2018-0086

CVE-2018-0086

· N/AModified

CVSS v3.1

N/A

EPSS

2.34%

Published

Jan 18, 2018

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the application server of the Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to malformed SIP INVITE traffic received on the CVP during communications with the Cisco Virtualized Voice Browser (VVB). An attacker could exploit this vulnerability by sending malformed SIP INVITE traffic to the targeted appliance. An exploit could allow the attacker to impact the availability of services and data on the device, causing a DoS condition. This vulnerability affects Cisco Unified CVP running any software release prior to 11.6(1). Cisco Bug IDs: CSCve85840.

Weaknesses (CWE)

CWE-400CWE-400

Affected Products (1)

cisco · unified_customer_voice_portalvulnerable

References (6)

http://www.securityfocus.com/bid/102745

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1040220

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-cvp

Vendor Advisory

http://www.securityfocus.com/bid/102745

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1040220

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-cvp

KEV Catalog EPSS Scores Vendors All CVEs