CVE-2018-0139

Name of the Vulnerable Software and Affected Versions: Cisco Unified Customer Voice Portal (CVP) Software Release 11.5(1)

Description: A vulnerability in the Interactive Voice Response (IVR) management connection interface could allow an unauthenticated, remote attacker to cause the IVR connection to disconnect, creating a system-wide denial of service (DoS) condition. This is due to improper handling of a TCP connection request when the IVR connection is already established. An attacker could exploit this by initiating a crafted connection to the IP address of the targeted device, allowing them to disconnect the IVR to CVP connection and prevent the CVP from accepting new, incoming calls.

Recommendations: For Cisco Unified Customer Voice Portal (CVP) Software Release 11.5(1), at the moment, there is no information about a newer version that contains a fix for this vulnerability.