Denial of Service Vulnerability in Cisco Unified Customer Voice Portal
CVE-2018-0139

8.6 HIGH

Key Information:

Vendor: Cisco
CVE Published: 22 February 2018

Summary

A vulnerability exists in the Interactive Voice Response (IVR) management connection interface of Cisco Unified Customer Voice Portal (CVP). This issue may allow an unauthenticated remote attacker to disconnect the established IVR connection, potentially leading to a denial of service (DoS) condition. The flaw arises from improper handling of TCP connection requests when a connection is already active. An attacker can exploit this by sending a specially crafted connection request to the CVP IP address, disrupting the IVR to CVP connection and preventing the system from processing new incoming calls while it attempts to reconnect.

Affected Version(s)

Cisco Unified Customer Voice Portal

CVSS V3.1

Score: 8.6
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
