high
7.5
CWE
20
Advisory Published
Updated

CVE-2017-3825: Input Validation

First published: Tue May 16 2017(Updated: )

A vulnerability in the ICMP ingress packet processing of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause the TelePresence endpoint to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation for the size of a received ICMP packet. An attacker could exploit this vulnerability by sending a crafted ICMP packet to the local IP address of the targeted endpoint. A successful exploit could allow the attacker to cause a DoS of the TelePresence endpoint, during which time calls could be dropped. This vulnerability would affect either IPv4 or IPv6 ICMP traffic. This vulnerability affects the following Cisco TelePresence products when running software release CE8.1.1, CE8.2.0, CE8.2.1, CE8.2.2, CE 8.3.0, or CE8.3.1: Spark Room OS, TelePresence DX Series, TelePresence MX Series, TelePresence SX Quick Set Series, TelePresence SX Series. Cisco Bug IDs: CSCvb95396.

Credit: ykramarz@cisco.com

Affected SoftwareAffected VersionHow to fix
Cisco TelePresence Collaboration Endpoint Software=8.0.0
Cisco TelePresence Collaboration Endpoint Software=8.1.0
Cisco TelePresence Collaboration Endpoint Software=8.2.0
Cisco TelePresence TC Software=4.2.0
Cisco TelePresence TC Software=4.2.1
Cisco TelePresence TC Software=4.2.2
Cisco TelePresence TC Software=4.2.3
Cisco TelePresence TC Software=4.2.4
Cisco TelePresence TC Software=5.1.11
Cisco TelePresence TC Software=5.1.13
Cisco TelePresence TC Software=6.0.2
Cisco TelePresence TC Software=6.0.3
Cisco TelePresence TC Software=6.0.4
Cisco TelePresence TC Software=6.1.3
Cisco TelePresence TC Software=6.1.4
Cisco TelePresence TC Software=6.3.1
Cisco TelePresence TC Software=6.3.2
Cisco TelePresence TC Software=6.3.3
Cisco TelePresence TC Software=6.3.4
Cisco TelePresence TC Software=6.3.5
Cisco TelePresence TC Software=7.1.1
Cisco TelePresence TC Software=7.1.2
Cisco TelePresence TC Software=7.1.3
Cisco TelePresence TC Software=7.1.4
Cisco TelePresence TC Software=7.3.6
Cisco TelePresence TC Software=7.3.7

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2017-3825?

    CVE-2017-3825 is classified as a high severity vulnerability that can lead to a denial of service condition.

  • How do I fix CVE-2017-3825?

    To fix CVE-2017-3825, you should upgrade to the latest version of the Cisco TelePresence software as recommended by Cisco.

  • Which Cisco products are affected by CVE-2017-3825?

    CVE-2017-3825 affects multiple versions of Cisco TelePresence Collaboration Endpoint and TelePresence TC software.

  • What could an attacker achieve by exploiting CVE-2017-3825?

    An attacker exploiting CVE-2017-3825 could cause the TelePresence endpoint to unexpectedly reload, resulting in service disruption.

  • Is authentication required to exploit CVE-2017-3825?

    CVE-2017-3825 can be exploited by an unauthenticated remote attacker.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203