ID
VAR-201708-1352
CVE
CVE-2017-6763
TITLE
Cisco Meeting Server Input validation vulnerability
Trust: 0.8
DESCRIPTION
A vulnerability in the implementation of the H.264 protocol in Cisco Meeting Server (CMS) 2.1.4 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability exists because the affected application does not properly validate Fragmentation Unit (FU-A) protocol packets. An attacker could exploit this vulnerability by sending a crafted H.264 FU-A packet through the affected application. A successful exploit could allow the attacker to cause a DoS condition on the affected system due to an unexpected restart of the CMS media process on the system. Although the CMS platform continues to operate and only the single, affected CMS media process is restarted, a brief interruption of media traffic for certain users could occur. Cisco Bug IDs: CSCve10131. Cisco Meeting Server (CMS) Contains an input validation vulnerability. Vendors have confirmed this vulnerability Bug ID CSCve10131 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state
Trust: 1.98
AFFECTED PRODUCTS
| vendor: | cisco | model: | meeting server | scope: | eq | version: | 2.1.4 | Trust: 2.7 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-20 | Trust: 1.9 |
THREAT TYPE
remote
Trust: 0.6
TYPE
input validation error
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | CSCve10131 - Cisco Meeting Server H.264 Protocol Denial of Service Vulnerability | url: | https://quickview.cloudapps.cisco.com/quickview/bug/CSCve10131 | Trust: 0.8 |
| title: | cisco-sa-20170802-ms | url: | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-ms | Trust: 0.8 |
| title: | Cisco Meeting Server Security vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=72376 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2017-6763 | Trust: 2.8 |
| db: | BID | id: | 100111 | Trust: 2.0 |
| db: | SECTRACK | id: | 1039058 | Trust: 1.7 |
| db: | JVNDB | id: | JVNDB-2017-006842 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201708-134 | Trust: 0.7 |
| db: | VULHUB | id: | VHN-114966 | Trust: 0.1 |
REFERENCES
| url: | https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170802-ms | Trust: 2.0 |
| url: | http://www.securityfocus.com/bid/100111 | Trust: 1.7 |
| url: | https://quickview.cloudapps.cisco.com/quickview/bug/cscve10131 | Trust: 1.7 |
| url: | http://www.securitytracker.com/id/1039058 | Trust: 1.7 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6763 | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2017-6763 | Trust: 0.8 |
| url: | http://www.cisco.com/ | Trust: 0.3 |
CREDITS
Cisco
Trust: 0.9
SOURCES
| db: | VULHUB | id: | VHN-114966 |
| db: | BID | id: | 100111 |
| db: | JVNDB | id: | JVNDB-2017-006842 |
| db: | CNNVD | id: | CNNVD-201708-134 |
| db: | NVD | id: | CVE-2017-6763 |
LAST UPDATE DATE
2025-04-20T23:30:53.525000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-114966 | date: | 2019-10-09T00:00:00 |
| db: | BID | id: | 100111 | date: | 2017-08-02T00:00:00 |
| db: | JVNDB | id: | JVNDB-2017-006842 | date: | 2017-09-05T00:00:00 |
| db: | CNNVD | id: | CNNVD-201708-134 | date: | 2019-10-17T00:00:00 |
| db: | NVD | id: | CVE-2017-6763 | date: | 2025-04-20T01:37:25.860 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-114966 | date: | 2017-08-07T00:00:00 |
| db: | BID | id: | 100111 | date: | 2017-08-02T00:00:00 |
| db: | JVNDB | id: | JVNDB-2017-006842 | date: | 2017-09-05T00:00:00 |
| db: | CNNVD | id: | CNNVD-201708-134 | date: | 2017-08-04T00:00:00 |
| db: | NVD | id: | CVE-2017-6763 | date: | 2017-08-07T06:29:00.637 |