CVE-2017-6790
moderate-risk
Published 2017-08-17
A vulnerability in the Session Initiation Protocol (SIP) on the Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the targeted appliance. The vulnerability is due to excessive SIP traffic sent to the device. An attacker could exploit this vulnerability by transmitting large volumes of SIP traffic to the VCS. An exploit could allow the attacker to cause a complete DoS condition on the targeted system. Cisco Bug IDs: CSCve32897.
Do I need to act?
~
1.8% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.8/10
Medium
NETWORK
/ HIGH complexity
Affected Products (6)
Affected Vendors
References (6)
Third Party Advisory
http://www.securityfocus.com/bid/100369
Third Party Advisory
http://www.securitytracker.com/id/1039185
Third Party Advisory
http://www.securityfocus.com/bid/100369
Third Party Advisory
http://www.securitytracker.com/id/1039185
39
/ 100
moderate-risk
Severity
21/34 · High
Exploitability
5/34 · Minimal
Exposure
13/34 · Low