Details of VAR-201704-1214

ID

VAR-201704-1214

CVE

CVE-2017-3470

TITLE

Oracle Communications Applications of Oracle Communications Security Gateway In Network Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2017-003486

DESCRIPTION

Vulnerability in the Oracle Communications Security Gateway component of Oracle Communications Applications (subcomponent: Network). The supported version that is affected is 3.0.0. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via ICMP Ping to compromise Oracle Communications Security Gateway. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Security Gateway. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). The vulnerability can be exploited over the 'ICMP Ping' protocol. The 'Network' sub component is affected. Attackers can exploit this vulnerability to cause denial of service and affect data availability

Trust: 2.07

sources: NVD: CVE-2017-3470 // JVNDB: JVNDB-2017-003486 // BID: 97792 // VULHUB: VHN-111673 // VULMON: CVE-2017-3470

AFFECTED PRODUCTS

vendor:	oracle	model:	communications security gateway	scope:	eq	version:	3.0.0	Trust: 2.4
vendor:	oracle	model:	communications security gateway	scope:	eq	version:	3.0	Trust: 0.3

sources: BID: 97792 // JVNDB: JVNDB-2017-003486 // CNNVD: CNNVD-201704-1306 // NVD: CVE-2017-3470

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-3470
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-3470
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201704-1306
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-111673
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2017-3470
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-3470
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-111673
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-3470
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-111673 // VULMON: CVE-2017-3470 // JVNDB: JVNDB-2017-003486 // CNNVD: CNNVD-201704-1306 // NVD: CVE-2017-3470

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-284	Trust: 0.9

sources: VULHUB: VHN-111673 // JVNDB: JVNDB-2017-003486 // NVD: CVE-2017-3470

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-1306

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201704-1306

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-003486

PATCH

title:	Oracle Critical Patch Update Advisory - April 2017	url:	http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html	Trust: 0.8
title:	Text Form of Oracle Critical Patch Update - April 2017 Risk Matrices	url:	http://www.oracle.com/technetwork/security-advisory/cpuapr2017verbose-3236619.html	Trust: 0.8
title:	Oracle Communications Security Gateway Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70717	Trust: 0.6
title:	Oracle: Oracle Critical Patch Update Advisory - April 2017	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=143b3fb255063c81571469eaa3cf0a87	Trust: 0.1

sources: VULMON: CVE-2017-3470 // JVNDB: JVNDB-2017-003486 // CNNVD: CNNVD-201704-1306

EXTERNAL IDS

db:	NVD	id:	CVE-2017-3470	Trust: 2.9
db:	BID	id:	97792	Trust: 2.1
db:	JVNDB	id:	JVNDB-2017-003486	Trust: 0.8
db:	CNNVD	id:	CNNVD-201704-1306	Trust: 0.7
db:	VULHUB	id:	VHN-111673	Trust: 0.1
db:	VULMON	id:	CVE-2017-3470	Trust: 0.1

sources: VULHUB: VHN-111673 // VULMON: CVE-2017-3470 // BID: 97792 // JVNDB: JVNDB-2017-003486 // CNNVD: CNNVD-201704-1306 // NVD: CVE-2017-3470

REFERENCES

url:	http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html	Trust: 2.2
url:	http://www.securityfocus.com/bid/97792	Trust: 1.9
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3470	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-3470	Trust: 0.8
url:	http://www.oracle.com/index.html	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-111673 // VULMON: CVE-2017-3470 // BID: 97792 // JVNDB: JVNDB-2017-003486 // CNNVD: CNNVD-201704-1306 // NVD: CVE-2017-3470

CREDITS

Oracle

Trust: 0.3

sources: BID: 97792

SOURCES

db:	VULHUB	id:	VHN-111673
db:	VULMON	id:	CVE-2017-3470
db:	BID	id:	97792
db:	JVNDB	id:	JVNDB-2017-003486
db:	CNNVD	id:	CNNVD-201704-1306
db:	NVD	id:	CVE-2017-3470

LAST UPDATE DATE

2025-04-20T23:43:05.400000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-111673	date:	2019-10-03T00:00:00
db:	VULMON	id:	CVE-2017-3470	date:	2019-10-03T00:00:00
db:	BID	id:	97792	date:	2017-05-02T03:05:00
db:	JVNDB	id:	JVNDB-2017-003486	date:	2017-05-30T00:00:00
db:	CNNVD	id:	CNNVD-201704-1306	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-3470	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-111673	date:	2017-04-24T00:00:00
db:	VULMON	id:	CVE-2017-3470	date:	2017-04-24T00:00:00
db:	BID	id:	97792	date:	2017-04-18T00:00:00
db:	JVNDB	id:	JVNDB-2017-003486	date:	2017-05-30T00:00:00
db:	CNNVD	id:	CNNVD-201704-1306	date:	2017-04-24T00:00:00
db:	NVD	id:	CVE-2017-3470	date:	2017-04-24T19:59:01.787