Details of VAR-201708-1353

ID

VAR-201708-1353

CVE

CVE-2017-6745

TITLE

Cisco Videoscape Distribution Suite for Television Buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-006806

DESCRIPTION

A vulnerability in the cache server within Cisco Videoscape Distribution Suite (VDS) for Television 3.2(5)ES1 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted appliance. The vulnerability is due to excessive mapped connections exhausting the allotted resources within the system. An attacker could exploit this vulnerability by sending large amounts of inbound traffic to a device with the intention of overloading certain resources. A successful exploit could cause the device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvc39260. Cisco Videoscape Distribution Suite (VDS) for Television Contains a buffer error vulnerability. Vendors have confirmed this vulnerability Bug ID CSCvc39260 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. The solution supports streaming media live broadcast, dynamic acquisition of content library and content caching, etc. cache server is one of the cache servers

Trust: 2.07

sources: NVD: CVE-2017-6745 // JVNDB: JVNDB-2017-006806 // BID: 100106 // VULHUB: VHN-114948 // VULMON: CVE-2017-6745

AFFECTED PRODUCTS

vendor:	cisco	model:	videoscape distribution suite for television	scope:	eq	version:	4.2\(1\)	Trust: 1.6
vendor:	cisco	model:	videoscape distribution suite for television	scope:	eq	version:	3.4\(2\)	Trust: 1.6
vendor:	cisco	model:	videoscape distribution suite for television	scope:	eq	version:	3.2\(5\)es1	Trust: 1.6
vendor:	cisco	model:	videoscape distribution suite for television	scope:	eq	version:	3.8\(1\)	Trust: 1.6
vendor:	cisco	model:	videoscape distribution suite for television	scope:	eq	version:	4.4\(1\)	Trust: 1.6
vendor:	cisco	model:	videoscape distribution suite for television	scope:	eq	version:	3.6\(1\)	Trust: 1.6
vendor:	cisco	model:	videoscape distribution suite for television	scope:	eq	version:	3.5\(1\)	Trust: 1.6
vendor:	cisco	model:	videoscape distribution suite for television	scope:	eq	version:	4.1\(3\)	Trust: 1.6
vendor:	cisco	model:	videoscape distribution suite for television	scope:	eq	version:	3.4\(1\)	Trust: 1.6
vendor:	cisco	model:	videoscape distribution suite for television	scope:	eq	version:	4.1\(4\)	Trust: 1.6
vendor:	cisco	model:	videoscape distribution suite for television	scope:	eq	version:	3.2\(7\)	Trust: 1.0
vendor:	cisco	model:	videoscape distribution suite for television	scope:	eq	version:	3.5\(1\)-cos	Trust: 1.0
vendor:	cisco	model:	videoscape distribution suite for television	scope:	eq	version:	4.1\(5\)	Trust: 1.0
vendor:	cisco	model:	videoscape distribution suite for television	scope:	eq	version:	4.1\(2\)	Trust: 1.0
vendor:	cisco	model:	videoscape distribution suite for television	scope:	eq	version:	3.3\(1\)	Trust: 1.0
vendor:	cisco	model:	videoscape distribution suite for television	scope:	eq	version:	3.9\(1\)	Trust: 1.0
vendor:	cisco	model:	videoscape distribution suite for television	scope:	eq	version:	3.2\(6\)	Trust: 1.0
vendor:	cisco	model:	videoscape distribution suite for television	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	videoscape distribution suite for television 3.2 es1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	tv streamer application	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	tv streamer application	scope:	ne	version:	4.6(1)	Trust: 0.3

sources: BID: 100106 // JVNDB: JVNDB-2017-006806 // CNNVD: CNNVD-201708-137 // NVD: CVE-2017-6745

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-6745
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-6745
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201708-137
value:	HIGH
Trust: 0.6
VULHUB:	VHN-114948
value:	HIGH
Trust: 0.1
VULMON:	CVE-2017-6745
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-6745
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-114948
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-6745
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-114948 // VULMON: CVE-2017-6745 // JVNDB: JVNDB-2017-006806 // CNNVD: CNNVD-201708-137 // NVD: CVE-2017-6745

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-114948 // JVNDB: JVNDB-2017-006806 // NVD: CVE-2017-6745

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201708-137

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201708-137

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-006806

PATCH

title:	cisco-sa-20170802-vds	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-vds	Trust: 0.8
title:	Cisco Videoscape Distribution Suite for Television cache server Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=72379	Trust: 0.6
title:	Cisco: Cisco Videoscape Distribution Suite Cache Server Denial of Service Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20170802-vds	Trust: 0.1
title:	Symantec Security Advisories: SA148: Linux Kernel Vulnerabilities Feb-Apr 2017	url:	https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories&qid=f0d00b7af116794375aefb8b1a967bc5	Trust: 0.1

sources: VULMON: CVE-2017-6745 // JVNDB: JVNDB-2017-006806 // CNNVD: CNNVD-201708-137

EXTERNAL IDS

db:	NVD	id:	CVE-2017-6745	Trust: 2.9
db:	BID	id:	100106	Trust: 2.1
db:	JVNDB	id:	JVNDB-2017-006806	Trust: 0.8
db:	CNNVD	id:	CNNVD-201708-137	Trust: 0.7
db:	AUSCERT	id:	ESB-2017.1179.2	Trust: 0.6
db:	VULHUB	id:	VHN-114948	Trust: 0.1
db:	VULMON	id:	CVE-2017-6745	Trust: 0.1

sources: VULHUB: VHN-114948 // VULMON: CVE-2017-6745 // BID: 100106 // JVNDB: JVNDB-2017-006806 // CNNVD: CNNVD-201708-137 // NVD: CVE-2017-6745

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170802-vds	Trust: 2.2
url:	http://www.securityfocus.com/bid/100106	Trust: 1.9
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6745	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-6745	Trust: 0.8
url:	https://bto.bluecoat.com/security-advisory/sa148	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2017.1179.2/	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-114948 // VULMON: CVE-2017-6745 // BID: 100106 // JVNDB: JVNDB-2017-006806 // CNNVD: CNNVD-201708-137 // NVD: CVE-2017-6745

CREDITS

Cisco

Trust: 0.9

sources: BID: 100106 // CNNVD: CNNVD-201708-137

SOURCES

db:	VULHUB	id:	VHN-114948
db:	VULMON	id:	CVE-2017-6745
db:	BID	id:	100106
db:	JVNDB	id:	JVNDB-2017-006806
db:	CNNVD	id:	CNNVD-201708-137
db:	NVD	id:	CVE-2017-6745

LAST UPDATE DATE

2025-04-20T19:56:33.049000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-114948	date:	2019-10-09T00:00:00
db:	VULMON	id:	CVE-2017-6745	date:	2019-10-09T00:00:00
db:	BID	id:	100106	date:	2017-08-02T00:00:00
db:	JVNDB	id:	JVNDB-2017-006806	date:	2017-09-04T00:00:00
db:	CNNVD	id:	CNNVD-201708-137	date:	2020-02-11T00:00:00
db:	NVD	id:	CVE-2017-6745	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-114948	date:	2017-08-07T00:00:00
db:	VULMON	id:	CVE-2017-6745	date:	2017-08-07T00:00:00
db:	BID	id:	100106	date:	2017-08-02T00:00:00
db:	JVNDB	id:	JVNDB-2017-006806	date:	2017-09-04T00:00:00
db:	CNNVD	id:	CNNVD-201708-137	date:	2017-08-04T00:00:00
db:	NVD	id:	CVE-2017-6745	date:	2017-08-07T06:29:00.323