Sign-up

ID

VAR-201711-0312


CVE

CVE-2017-12311


TITLE

Cisco Meeting Server Resource management vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-010421

DESCRIPTION

A vulnerability in the H.264 decoder function of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a Cisco Meeting Server media process to restart unexpectedly when it receives an illegal H.264 frame. The vulnerability is triggered by an H.264 frame that has an invalid picture parameter set (PPS) value. An attacker could exploit this vulnerability by sending a malformed H.264 frame to the targeted device. An exploit could allow the attacker to cause a denial of service (DoS) condition because the media process could restart. The media session should be re-established within a few seconds, during which there could be a brief interruption in service. Cisco Bug IDs: CSCvg12559. Vendors have confirmed this vulnerability Bug ID CSCvg12559 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state

Trust: 1.98

sources: NVD: CVE-2017-12311 // JVNDB: JVNDB-2017-010421 // BID: 101855 // VULHUB: VHN-102821

AFFECTED PRODUCTS

vendor:ciscomodel:meeting serverscope:eqversion:2.0

Trust: 1.9

vendor:ciscomodel:meeting serverscope:eqversion:2.3.0

Trust: 1.6

vendor:ciscomodel:meeting serverscope:eqversion:2.2.0

Trust: 1.6

vendor:ciscomodel:meeting serverscope:eqversion:2.1.0

Trust: 1.6

vendor:ciscomodel:meeting serverscope: - version: -

Trust: 0.8

vendor:ciscomodel:meeting serverscope:eqversion:2.2

Trust: 0.3

vendor:ciscomodel:meeting serverscope:eqversion:2.1

Trust: 0.3

vendor:ciscomodel:meeting serverscope:neversion:2.2.9

Trust: 0.3

sources: BID: 101855 // JVNDB: JVNDB-2017-010421 // CNNVD: CNNVD-201711-671 // NVD: CVE-2017-12311

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-12311
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-12311
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201711-671
value: MEDIUM

Trust: 0.6

VULHUB: VHN-102821
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-12311
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-102821
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-12311
baseSeverity: MEDIUM
baseScore: 5.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-102821 // JVNDB: JVNDB-2017-010421 // CNNVD: CNNVD-201711-671 // NVD: CVE-2017-12311

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

problemtype:CWE-20

Trust: 1.1

sources: VULHUB: VHN-102821 // JVNDB: JVNDB-2017-010421 // NVD: CVE-2017-12311

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-671

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201711-671

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-010421

PATCH
title:cisco-sa-20171115-cmsurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-cms
Trust: 0.8
title:Cisco Meeting Server Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76496
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-010421 // 
            
            
            
            CNNVD: CNNVD-201711-671

EXTERNAL IDS
db:NVDid:CVE-2017-12311
Trust: 2.8
db:BIDid:101855
Trust: 2.0
db:SECTRACKid:1039827
Trust: 1.7
db:JVNDBid:JVNDB-2017-010421
Trust: 0.8
db:CNNVDid:CNNVD-201711-671
Trust: 0.7
db:VULHUBid:VHN-102821
Trust: 0.1
sources:
            
            
            VULHUB: VHN-102821 // 
            
            
            
            BID: 101855 // 
            
            
            
            JVNDB: JVNDB-2017-010421 // 
            
            
            
            CNNVD: CNNVD-201711-671 // 
            
            
            
            NVD: CVE-2017-12311

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171115-cms
Trust: 2.0
url:http://www.securityfocus.com/bid/101855
Trust: 1.7
url:http://www.securitytracker.com/id/1039827
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12311
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-12311
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-102821 // 
            
            
            
            BID: 101855 // 
            
            
            
            JVNDB: JVNDB-2017-010421 // 
            
            
            
            CNNVD: CNNVD-201711-671 // 
            
            
            
            NVD: CVE-2017-12311

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 101855

SOURCES
db:VULHUBid:VHN-102821
db:BIDid:101855
db:JVNDBid:JVNDB-2017-010421
db:CNNVDid:CNNVD-201711-671
db:NVDid:CVE-2017-12311

LAST UPDATE DATE
2025-04-20T23:30:50.725000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-102821date:2019-10-09T00:00:00
db:BIDid:101855date:2017-12-19T22:37:00
db:JVNDBid:JVNDB-2017-010421date:2017-12-13T00:00:00
db:CNNVDid:CNNVD-201711-671date:2019-10-17T00:00:00
db:NVDid:CVE-2017-12311date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-102821date:2017-11-16T00:00:00
db:BIDid:101855date:2017-11-16T00:00:00
db:JVNDBid:JVNDB-2017-010421date:2017-12-13T00:00:00
db:CNNVDid:CNNVD-201711-671date:2017-11-20T00:00:00
db:NVDid:CVE-2017-12311date:2017-11-16T07:29:00.600