{
  "id": "CVE-2017-6790",
  "sourceIdentifier": "ykramarz@cisco.com",
  "published": "2017-08-17T20:29:00.947",
  "lastModified": "2019-10-03T00:03:26.223",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the Session Initiation Protocol (SIP) on the Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the targeted appliance. The vulnerability is due to excessive SIP traffic sent to the device. An attacker could exploit this vulnerability by transmitting large volumes of SIP traffic to the VCS. An exploit could allow the attacker to cause a complete DoS condition on the targeted system. Cisco Bug IDs: CSCve32897."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en Session Initiation Protocol (SIP) de Cisco TelePresence Video Communication Server (VCS) podr\u00eda permitir que un atacante remoto sin autenticar provoque una denegaci\u00f3n de servicio (DoS) en un aparato objetivo. La vulnerabilidad se debe a que se env\u00eda al dispositivo una cantidad excesiva de tr\u00e1fico SIP. Un atacante podr\u00eda explotar esta vulnerabilidad transmitiendo grandes vol\u00famenes de tr\u00e1fico SIP al VCS. Un exploit podr\u00eda permitir que un atacante provoque un DoS total en el sistema objetivo. Cisco Bug IDs: CSCve32897."
    }
  ],
  "metrics": {
    "cvssMetricV30": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "HIGH",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "CHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "HIGH",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 4.0
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "NONE",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.1
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 8.6,
        "impactScore": 6.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD644623-840C-424C-82EE-20FC01A9E56E"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE9E2322-4D18-4C17-8D4C-011E8B0ECAAD"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B267B94B-700C-428F-AAA9-C695B8F2DFF8"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8FAFCD6-50DE-452F-A0F9-B95EE7511001"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B7F04B1-DF6A-4749-B8D4-A13DE3DD3E07"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "D997B3DF-3CC4-495B-AAAA-5A0D60A3CBE3"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://www.securityfocus.com/bid/100369",
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ]
    },
    {
      "url": "http://www.securitytracker.com/id/1039185",
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ]
    },
    {
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-vcs",
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}