CVE-2017-3470

MEDIUM

Oracle Communications Security Gateway - Denial of Service

Title source: rule

Description

Vulnerability in the Oracle Communications Security Gateway component of Oracle Communications Applications (subcomponent: Network). The supported version that is affected is 3.0.0. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via ICMP Ping to compromise Oracle Communications Security Gateway. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Security Gateway. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References (2)

[Patch, Vendor Advisory] http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/97792

Scores

CVSS v3 5.3

EPSS 0.0147

EPSS Percentile 80.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Classification

Status published

Affected Products (2)

oracle/communications_security_gateway

Oracle Corporation/Communications Security Gateway < 3.0.0

Timeline

Published Apr 24, 2017

Tracked Since Feb 18, 2026