CVE-2017-6763

{"id": "CVE-2017-6763", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2017-08-07T06:29:00.637", "references": [{"url": "http://www.securityfocus.com/bid/100111", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1039058", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCve10131", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-ms", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the implementation of the H.264 protocol in Cisco Meeting Server (CMS) 2.1.4 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability exists because the affected application does not properly validate Fragmentation Unit (FU-A) protocol packets. An attacker could exploit this vulnerability by sending a crafted H.264 FU-A packet through the affected application. A successful exploit could allow the attacker to cause a DoS condition on the affected system due to an unexpected restart of the CMS media process on the system. Although the CMS platform continues to operate and only the single, affected CMS media process is restarted, a brief interruption of media traffic for certain users could occur. Cisco Bug IDs: CSCve10131."}, {"lang": "es", "value": "Una vulnerabilidad en la implementaci\u00f3n del protocolo H.264 en Cisco Meeting Server (CMS) 2.1.4 podr\u00eda permitir que un atacante remoto sin autenticar provoque una denegaci\u00f3n de servicio (DoS) en un sistema afectado. La vulnerabilidad existe porque la aplicaci\u00f3n afectada no valida correctamente los paquetes de protocolo Fragmentation Unit (FU-A). Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de un paquete H.264 FU-A manipulado usando la aplicaci\u00f3n afectada. Una ejecuci\u00f3n exitosa de la vulnerabilidad permitir\u00eda que el atacante provocase una situaci\u00f3n de denegaci\u00f3n del servicio en el sistema afectado debido a un reinicio inesperado del proceso CMS media en el sistema. Aunque la plataforma CMS sigue operando y solo se reinicia el proceso CMS media afectado, podr\u00eda interrumpirse brevemente el tr\u00e1fico multimedia para ciertos usuarios. Cisco Bug IDs: CSCve10131."}], "lastModified": "2019-10-09T23:29:04.577", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:meeting_server:2.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "95ECDC6B-C793-4015-A40F-152A840E6417"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}