CVE-2017-3792
Published 2017-02-01
Priority: P266 · critical · 9.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 6.84% (93.2th percentile)
A vulnerability in a proprietary device driver in the kernel of Cisco TelePresence Multipoint Control Unit (MCU) Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. The vulnerability is due to improper size validation when reassembling fragmented IPv4 or IPv6 packets. An attacker could exploit this vulnerability by sending crafted IPv4 or IPv6 fragments to a port receiving content in Passthrough content mode. An exploit could allow the attacker to overflow a buffer. If successful, the attacker could execute arbitrary code or cause a DoS condition on the affected system. Cisco TelePresence MCU platforms TelePresence MCU 5300 Series, TelePresence MCU MSE 8510 and TelePresence MCU 4500 are affected when running software version 4.3(1.68) or later configured for Passthrough content mode. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available, but mitigations are available. Cisco Bug IDs: CSCuu67675.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | telepresence_mcu_software | — | — |
| cisco | telepresence_multipoint_control_unit | — | — |
Detection & IOCs
- Detect crafted fragmented IPv4 or IPv6 packets sent to ports on Cisco TelePresence MCU devices operating in Passthrough content mode, which may indicate exploitation of the improper size validation buffer overflow vulnerability.
- Focus detection on IP fragment reassembly anomalies (e.g., oversized reassembled payloads) targeting Cisco TelePresence MCU 5300 Series, MCU MSE 8510, and MCU 4500 devices, as the flaw lies in improper size validation during reassembly.
- Vulnerability is only exploitable on devices configured for Passthrough content mode. Devices NOT in this mode are not affected. Verify device configuration before applying detection logic.
- Only software version 4.3(1.68) or later is affected. Devices running earlier versions are not vulnerable and should be excluded from detection scope.
- No workarounds are available for this vulnerability; only software updates remediate it. Mitigations (not workarounds) were noted in the NVD entry but not detailed in the advisory.
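The reassembly-size checks suggested in the bullets above, as an added example (not code from Cisco or from this page's sources): a generic IPv4 fragment audit that flags sizes that cannot reassemble consistently. The specific flaw in the MCU driver is not described on this page; the function names and sample packets are constructed for illustration, and IPv6 fragment headers are not handled.

```python
import struct

MAX_TOTAL = 65535  # largest size a reassembled IPv4 datagram may have

def parse_fragment(pkt):
    """Return (flow key, header len, payload start, payload end, MF) for a raw IPv4 packet."""
    vihl, _, total, ident, frag, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (vihl & 0x0F) * 4
    if vihl >> 4 != 4 or ihl < 20 or total < ihl:
        raise ValueError("malformed IPv4 header")
    start = (frag & 0x1FFF) * 8            # offset field counts 8-byte units
    return (src, dst, ident, proto), ihl, start, start + total - ihl, bool(frag & 0x2000)

def audit_fragments(packets):
    """Return [(ident, reason)] for fragments whose sizes cannot reassemble consistently."""
    final_end, seen_end, findings = {}, {}, []
    for pkt in packets:
        key, ihl, start, end, more = parse_fragment(pkt)
        if start == 0 and not more:
            continue                        # not a fragment
        ident = key[2]
        if ihl + end > MAX_TOTAL:
            findings.append((ident, "reassembled size exceeds 65535"))
        if more and (end - start) % 8:
            findings.append((ident, "non-final fragment not a multiple of 8 bytes"))
        if not more:
            final_end[key] = end            # last fragment fixes the datagram length
        seen_end[key] = max(seen_end.get(key, 0), end)
        if key in final_end and seen_end[key] > final_end[key]:
            findings.append((ident, "data beyond declared end of datagram"))
    return findings

def make_fragment(ident, offset_units, payload_len, more):
    """Build a constructed test fragment (documentation addresses, checksum left 0)."""
    frag = (0x2000 if more else 0) | offset_units
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident, frag,
                      64, 17, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return hdr + bytes(payload_len)

SAMPLE = [  # constructed traffic, not captured from any device
    make_fragment(1, 0, 1480, True), make_fragment(1, 185, 520, False),   # clean pair
    make_fragment(2, 0, 1480, True), make_fragment(2, 8189, 100, False),  # ends past 65535
    make_fragment(3, 10, 100, False), make_fragment(3, 0, 1480, True),    # overruns declared end
]

if __name__ == "__main__":
    for ident, reason in audit_fragments(SAMPLE):
        print(ident, reason)
```

Per the scoping bullets above, findings matter only for traffic destined to MCU devices in Passthrough content mode running an affected software version.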
CVSS provenance
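| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| vendor_cisco | | 9.8 | CRITICAL | |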
GHSA
GHSA-9fw8-cmw4-jgmg · ghsa_unreviewed · 2022-05-17
CVE-2017-3792 [CRITICAL] CWE-20
Cisco
Cisco TelePresence Multipoint Control Unit Remote Code Execution Vulnerability
vendor_cisco · 2017-01-25 · CVSS 9.8
CVE-2017-3792 [CRITICAL] CWE-20
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- http://www.securityfocus.com/bid/95787
- http://www.securitytracker.com/id/1037698
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170125-telepresence