CVE-2018-0086

Name of the Vulnerable Software and Affected Versions: Cisco Unified Customer Voice Portal versions prior to 11.6(1)

Description: A denial of service condition can be caused by an unauthenticated, remote attacker due to malformed SIP INVITE traffic received during communications with the Cisco Virtualized Voice Browser. The attacker can exploit this by sending malformed SIP INVITE traffic, impacting the availability of services and data on the device.

Recommendations: For versions prior to 11.6(1), update to version 11.6(1) or later to resolve the issue. As a temporary workaround, consider restricting access to the application server to minimize the risk of exploitation.