First published: Thu Jan 18 2018(Updated: )
A vulnerability in the application server of the Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to malformed SIP INVITE traffic received on the CVP during communications with the Cisco Virtualized Voice Browser (VVB). An attacker could exploit this vulnerability by sending malformed SIP INVITE traffic to the targeted appliance. An exploit could allow the attacker to impact the availability of services and data on the device, causing a DoS condition. This vulnerability affects Cisco Unified CVP running any software release prior to 11.6(1). Cisco Bug IDs: CSCve85840.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Unified Customer Voice Portal | <=11.5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-0086 is a vulnerability in the application server of the Cisco Unified Customer Voice Portal (CVP) that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device.
The severity of CVE-2018-0086 is high, with a severity rating of 8.6.
CVE-2018-0086 affects the Cisco Unified Customer Voice Portal (CVP) by allowing an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device.
To fix CVE-2018-0086, Cisco recommends upgrading to a fixed software release.
You can find more information about CVE-2018-0086 on the Cisco Security Advisory at https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-cvp.