CVE-2018-0086

Description

A vulnerability in the application server of the Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to malformed SIP INVITE traffic received on the CVP during communications with the Cisco Virtualized Voice Browser (VVB). An attacker could exploit this vulnerability by sending malformed SIP INVITE traffic to the targeted appliance. An exploit could allow the attacker to impact the availability of services and data on the device, causing a DoS condition. This vulnerability affects Cisco Unified CVP running any software release prior to 11.6(1). Cisco Bug IDs: CSCve85840.

Risk Information

Base Score

8.6

MODERATE

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

EPSS Score

Exploitation Probability

1.646

Associated Vulnerability

Vulnerability	OS Platform
Cisco Unified Customer Voice Portal Denial of Service Vulnerability For Cisco Unified Customer Voice Portal	NCM
Uncontrolled Resource Consumption Vulnerability (CVE-2018-0086)	NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-1705727	Security Update for Cisco Unified Customer Voice Portal 11.0(1)SR0(24)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234