PT-2017-17324 · Cisco · Cisco Unified Communications Manager
Published
2017-09-07
·
Updated
2019-10-09
·
CVE-2017-6791
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Cisco Unified Communications Manager versions 9.1(2.10000.28) through 11.0(1.10000.10)
Description
A vulnerability in the Trust Verification Service (TVS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The issue is due to improper handling of Transport Layer Security (TLS) traffic. An attacker could exploit this by generating incomplete traffic streams, denying access to the TVS until an administrator restarts the service.
Recommendations
For version 9.1(2.10000.28), restart the Trust Verification Service to restore access.
For version 10.0(1.10000.24), restart the Trust Verification Service to restore access.
For version 10.5(2.10000.5), restart the Trust Verification Service to restore access.
For version 11.0(1.10000.10), restart the Trust Verification Service to restore access.
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cisco Unified Communications Manager