CVE-2017-6791

HIGH

Cisco Unified Communications Manager - DoS

Title source: llm
STIX 2.1

Description

A vulnerability in the Trust Verification Service (TVS) of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of Transport Layer Security (TLS) traffic by the affected software. An attacker could exploit this vulnerability by generating incomplete traffic streams. A successful exploit could allow the attacker to deny access to the TVS for an affected device, resulting in a DoS condition, until an administrator restarts the service. Known Affected Releases 10.0(1.10000.24) 10.5(2.10000.5) 11.0(1.10000.10) 9.1(2.10000.28). Cisco Bug IDs: CSCux21905.

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1039286
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/100662

Scores

CVSS v3 7.5
EPSS 0.0232
EPSS Percentile 81.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-119
Status published
Products (5)
cisco/unified_communications_manager 9.1\(2.10000.28\)
cisco/unified_communications_manager 10.0\(1.10000.24\)
cisco/unified_communications_manager 10.5\(2.10000.5\)
cisco/unified_communications_manager 11.0\(1.10000.10\)
n/a/Cisco Unified Communications Manager Cisco Unified Communications Manager
Published Sep 07, 2017
Tracked Since Feb 18, 2026