CVE-2017-3825 — Improper Input Validation in Cisco Telepresence CE

CWE-20 — Improper Input Validation4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.4%

top 38.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Telepresence CE Cisco Telepresence TC

Timeline

PublishedMay 16

Latest updateMay 17

Description

A vulnerability in the ICMP ingress packet processing of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause the TelePresence endpoint to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation for the size of a received ICMP packet. An attacker could exploit this vulnerability by sending a crafted ICMP packet to the local IP address of the targeted endpoint. A succ…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDcisco/telepresence_ce8.0.0, 8.1.0, 8.2.0+2

▶NVDcisco/telepresence_tc23 versions+22

🔴Vulnerability Details

GHSA

GHSA-gph7-6885-3fm2: A vulnerability in the ICMP ingress packet processing of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an unauthenticated, remot↗2022-05-17

▶

CVEList

CVE-2017-3825: A vulnerability in the ICMP ingress packet processing of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an unauthenticated, remot↗2017-05-16

▶

📋Vendor Advisories

Cisco

Cisco TelePresence ICMP Denial of Service Vulnerability↗2017-05-03

▶