CVE-2018-0290
First published: Thu May 17 2018(Updated: )
A vulnerability in the TCP stack of Cisco SocialMiner could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition in the notification system. The vulnerability is due to faulty handling of new TCP connections to the affected application. An attacker could exploit this vulnerability by sending a malicious TCP packet to the vulnerable service. An exploit could allow the attacker to create a DoS condition by interrupting certain phone services. A manual restart of the service may be required to restore full functionalities. Cisco Bug IDs: CSCvh48368.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco SocialMiner | =11.6\(1\) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this Cisco SocialMiner vulnerability?
The vulnerability ID is CVE-2018-0290.
What is the severity level of CVE-2018-0290?
The severity level of CVE-2018-0290 is medium.
How can an attacker exploit CVE-2018-0290?
An attacker can exploit CVE-2018-0290 by causing a denial of service (DoS) condition in the notification system of Cisco SocialMiner.
What software version of Cisco SocialMiner is affected by CVE-2018-0290?
Cisco SocialMiner version 11.6(1) is affected by CVE-2018-0290.
Is there a fix available for CVE-2018-0290?
Yes, Cisco has released a security advisory with mitigation details for CVE-2018-0290.
- collector/nvd-index
- agent/author
- agent/severity
- agent/references
- agent/weakness
- agent/type
- agent/event
- agent/description
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/cisco
- canonical/cisco socialminer
- version/cisco socialminer/11.6\(1\)