Sign-up

ID

VAR-201805-0517


CVE

CVE-2018-0280


TITLE

Cisco Meeting Server Software input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-005122

DESCRIPTION

A vulnerability in the Real-Time Transport Protocol (RTP) bitstream processing of the Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient input validation of incoming RTP bitstreams. An attacker could exploit this vulnerability by sending a crafted RTP bitstream to an affected Cisco Meeting Server. A successful exploit could allow the attacker to deny audio and video services by causing media process crashes resulting in a DoS condition on the affected product. This vulnerability affects Cisco Meeting Server deployments that are running Cisco Meeting Server Software Releases 2.0, 2.1, 2.2, and 2.3. Cisco Bug IDs: CSCve79693, CSCvf91393, CSCvg64656, CSCvh30725, CSCvi86363. Vendors have confirmed this vulnerability Bug ID CSCve79693 , CSCvf91393 , CSCvg64656 , CSCvh30725 ,and CSCvi86363 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. An attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users

Trust: 2.07

sources: NVD: CVE-2018-0280 // JVNDB: JVNDB-2018-005122 // BID: 104209 // VULHUB: VHN-118482 // VULMON: CVE-2018-0280

AFFECTED PRODUCTS

vendor:ciscomodel:meeting serverscope:eqversion:2.3

Trust: 2.7

vendor:ciscomodel:meeting serverscope:eqversion:2.2

Trust: 2.7

vendor:ciscomodel:meeting serverscope:eqversion:2.1

Trust: 2.7

vendor:ciscomodel:meeting serverscope:eqversion:2.0

Trust: 2.7

vendor:ciscomodel:meeting serverscope:eqversion:2.2.5

Trust: 1.9

vendor:ciscomodel:meeting serverscope:eqversion:2.2.8

Trust: 1.6

vendor:ciscomodel:meeting serverscope:eqversion:2.2.9

Trust: 0.3

vendor:ciscomodel:meeting serverscope:eqversion:2.2.6

Trust: 0.3

vendor:ciscomodel:meeting serverscope:eqversion:2.2.4

Trust: 0.3

vendor:ciscomodel:meeting serverscope:eqversion:2.2.3

Trust: 0.3

vendor:ciscomodel:meeting serverscope:eqversion:2.2.2

Trust: 0.3

vendor:ciscomodel:meeting serverscope:eqversion:2.2.1

Trust: 0.3

vendor:ciscomodel:meeting serverscope:eqversion:2.1.11

Trust: 0.3

vendor:ciscomodel:meeting serverscope:eqversion:2.1.10

Trust: 0.3

vendor:ciscomodel:meeting serverscope:eqversion:2.1.9

Trust: 0.3

vendor:ciscomodel:meeting serverscope:eqversion:2.1.8

Trust: 0.3

vendor:ciscomodel:meeting serverscope:eqversion:2.1.4

Trust: 0.3

vendor:ciscomodel:meeting serverscope:eqversion:2.0.16

Trust: 0.3

vendor:ciscomodel:meeting serverscope:eqversion:2.0.15

Trust: 0.3

vendor:ciscomodel:meeting serverscope:eqversion:2.0.7

Trust: 0.3

vendor:ciscomodel:meeting serverscope:eqversion:2.0.3

Trust: 0.3

vendor:ciscomodel:meeting serverscope:eqversion:2.0.2

Trust: 0.3

vendor:ciscomodel:meeting serverscope:eqversion:2.0.1

Trust: 0.3

vendor:ciscomodel:meeting serverscope:eqversion:2.1.2

Trust: 0.3

vendor:ciscomodel:meeting serverscope:neversion:2.3.1

Trust: 0.3

vendor:ciscomodel:meeting serverscope:neversion:2.2.10

Trust: 0.3

vendor:ciscomodel:meeting serverscope:neversion:2.1.12

Trust: 0.3

sources: BID: 104209 // JVNDB: JVNDB-2018-005122 // CNNVD: CNNVD-201805-628 // NVD: CVE-2018-0280

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0280
value: HIGH

Trust: 1.0

NVD: CVE-2018-0280
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201805-628
value: HIGH

Trust: 0.6

VULHUB: VHN-118482
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-0280
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0280
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-118482
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0280
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-118482 // VULMON: CVE-2018-0280 // JVNDB: JVNDB-2018-005122 // CNNVD: CNNVD-201805-628 // NVD: CVE-2018-0280

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-118482 // JVNDB: JVNDB-2018-005122 // NVD: CVE-2018-0280

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201805-628

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201805-628

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-005122

PATCH
title:cisco-sa-20180516-msmsurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-msms
Trust: 0.8
title:Cisco Meeting Server Enter the fix for the verification vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83552
Trust: 0.6
title:Cisco: Cisco Meeting Server Media Services Denial of Service Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20180516-msms
Trust: 0.1
title:Threatposturl:https://threatpost.com/cisco-warns-of-three-critical-bugs-in-digital-network-architecture-platform/132057/
Trust: 0.1
sources:
            
            
            VULMON: CVE-2018-0280 // 
            
            
            
            JVNDB: JVNDB-2018-005122 // 
            
            
            
            CNNVD: CNNVD-201805-628

EXTERNAL IDS
db:NVDid:CVE-2018-0280
Trust: 2.9
db:BIDid:104209
Trust: 2.1
db:SECTRACKid:1040923
Trust: 1.8
db:JVNDBid:JVNDB-2018-005122
Trust: 0.8
db:CNNVDid:CNNVD-201805-628
Trust: 0.6
db:VULHUBid:VHN-118482
Trust: 0.1
db:VULMONid:CVE-2018-0280
Trust: 0.1
sources:
            
            
            VULHUB: VHN-118482 // 
            
            
            
            VULMON: CVE-2018-0280 // 
            
            
            
            BID: 104209 // 
            
            
            
            JVNDB: JVNDB-2018-005122 // 
            
            
            
            CNNVD: CNNVD-201805-628 // 
            
            
            
            NVD: CVE-2018-0280

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180516-msms
Trust: 2.2
url:http://www.securityfocus.com/bid/104209
Trust: 1.9
url:http://www.securitytracker.com/id/1040923
Trust: 1.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0280
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0280
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/20.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://threatpost.com/cisco-warns-of-three-critical-bugs-in-digital-network-architecture-platform/132057/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-118482 // 
            
            
            
            VULMON: CVE-2018-0280 // 
            
            
            
            BID: 104209 // 
            
            
            
            JVNDB: JVNDB-2018-005122 // 
            
            
            
            CNNVD: CNNVD-201805-628 // 
            
            
            
            NVD: CVE-2018-0280

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 104209

SOURCES
db:VULHUBid:VHN-118482
db:VULMONid:CVE-2018-0280
db:BIDid:104209
db:JVNDBid:JVNDB-2018-005122
db:CNNVDid:CNNVD-201805-628
db:NVDid:CVE-2018-0280

LAST UPDATE DATE
2024-11-23T21:53:10.334000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-118482date:2019-10-09T00:00:00
db:VULMONid:CVE-2018-0280date:2019-10-09T00:00:00
db:BIDid:104209date:2018-05-16T00:00:00
db:JVNDBid:JVNDB-2018-005122date:2018-07-06T00:00:00
db:CNNVDid:CNNVD-201805-628date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0280date:2024-11-21T03:37:53.103

SOURCES RELEASE DATE
db:VULHUBid:VHN-118482date:2018-05-17T00:00:00
db:VULMONid:CVE-2018-0280date:2018-05-17T00:00:00
db:BIDid:104209date:2018-05-16T00:00:00
db:JVNDBid:JVNDB-2018-005122date:2018-07-06T00:00:00
db:CNNVDid:CNNVD-201805-628date:2018-05-18T00:00:00
db:NVDid:CVE-2018-0280date:2018-05-17T03:29:00.527