Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-3163

A vulnerability in the Live Data server of Cisco Unified Contact Center Enterprise could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the affected software improperly manages resources when processing inbound Live Data traffic. An attacker could exploit this vulnerability by sending multiple crafted Live Data packets to an affected device. A successful exploit could cause the affected device to run out of buffer resources, which could result in a stack overflow and cause the affected device to reload, resulting in a DoS condition. Note: The Live Data port in Cisco Unified Contact Center Enterprise devices allows only a single TCP connection. To exploit this vulnerability, an attacker would have to send crafted packets to an affected device before a legitimate Live Data client establishes a connection.

Published

2020-02-19T20:15:15.660

Last Modified

2024-11-21T05:30:27.467

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.9 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:N/A:C

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE

Exploitability Score

8.6

Impact Score

6.9

Weaknesses

Type: Secondary
CWE-362
Type: Primary
CWE-362

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	cisco	unified_contact_center_enterprise	< 12.5\(1\)	Yes

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucce-tip-dos-7cdLUASb Vendor Advisory ([email protected])
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucce-tip-dos-7cdLUASb Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)