Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2017-3790

A vulnerability in the received packet parser of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) software could allow an unauthenticated, remote attacker to cause a reload of the affected system, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient size validation of user-supplied data. An attacker could exploit this vulnerability by sending crafted H.224 data in Real-Time Transport Protocol (RTP) packets in an H.323 call. An exploit could allow the attacker to overflow a buffer in a cache that belongs to the received packet parser, which will result in a crash of the application, resulting in a DoS condition. All versions of Cisco Expressway Series Software and Cisco TelePresence VCS Software prior to version X8.8.2 are vulnerable. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. Cisco Bug IDs: CSCus99263.

  • Published: Feb 1, 2017
  • Updated: Apr 13, 2023
  • CVE: CVE-2017-3790
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 8.6
  • AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CVSS v2:

  • Severity: High
  • Score: 7.8
  • AV:N/AC:L/Au:N/C:N/I:N/A:C

CWEs:

Software From Fixed in
cisco / telepresence_video_communication_server x6.0_base x6.0_base.x
cisco / expressway x8.5.2 x8.5.2.x
cisco / expressway x8.5-rc4 x8.5-rc4.x
cisco / expressway x8.1.1 x8.1.1.x
cisco / expressway x8.6.0 x8.6.0.x
cisco / telepresence_video_communication_server x7.0.2 x7.0.2.x
cisco / expressway x8.7.0 x8.7.0.x
cisco / telepresence_video_communication_server x7.2.1 x7.2.1.x
cisco / expressway x8.2.1 x8.2.1.x
cisco / telepresence_video_communication_server x6.1_base x6.1_base.x
cisco / expressway x8.7.1 x8.7.1.x
cisco / expressway x8.8.0 x8.8.0.x
cisco / telepresence_video_communication_server x5.2_base x5.2_base.x
cisco / expressway x8.5.3 x8.5.3.x
cisco / telepresence_video_communication_server x7.0.3 x7.0.3.x
cisco / expressway x8.2.2 x8.2.2.x
cisco / expressway x8.6.1 x8.6.1.x
cisco / telepresence_video_communication_server x7.2.0 x7.2.0.x
cisco / telepresence_video_communication_server x7.2.2 x7.2.2.x
cisco / telepresence_video_communication_server x7.0.1 x7.0.1.x
cisco / expressway x8.1_base x8.1_base.x
cisco / expressway x8.7.3 x8.7.3.x
cisco / expressway x8.2_base x8.2_base.x
cisco / expressway x8.1.0 x8.1.0.x
cisco / expressway x8.5.1 x8.5.1.x
cisco / expressway x8.7.2 x8.7.2.x
cisco / expressway x8.5.0 x8.5.0.x
cisco / expressway x8.5_base x8.5_base.x
cisco / telepresence_video_communication_server x7.1_base x7.1_base.x
cisco / telepresence_video_communication_server x7.0.0 x7.0.0.x
cisco / expressway x8.8.1 x8.8.1.x
cisco / expressway x8.1.2 x8.1.2.x