—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Cisco Security Advisory: Cisco Unified Customer Voice Portal Interactive Voice Response Connection Denial of Service Vulnerability

Advisory ID: cisco-sa-20180221-cvp

Revision: 1.0

For Public Release: 2018 February 21 16:00 GMT

Last Updated: 2018 February 21 16:00 GMT

CVE ID(s): CVE-2018-0139

CVSS Score v(3): 8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

+———————————————————————

Summary
=======
A vulnerability in the Interactive Voice Response (IVR) management connection interface for Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to cause the IVR connection to disconnect, creating a system-wide denial of service (DoS) condition.

The vulnerability is due to improper handling of a TCP connection request when the IVR connection is already established. An attacker could exploit this vulnerability by initiating a crafted connection to the IP address of the targeted CVP device. An exploit could allow the attacker to disconnect the IVR to CVP connection, creating a DoS condition that prevents the CVP from accepting new, incoming calls while the IVR automatically attempts to re-establish the connection to the CVP.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-cvp [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-cvp”]

—–BEGIN PGP SIGNATURE—–

iQJ5BAEBAgBjBQJajZlrXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50
IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly
dEBjaXNjby5jb20+AAoJEJa12PPJBfczHLYP/2stB7ypnF0VpSGtGWBeOYtPdR6B
AXU2IH966p5K+YMjsKAyFaWaoodIzJxrCDx0ViMfjrYjDdl9oZmQ/8LIzCRkPNvM
HQHaTyxCEZ1qao5a7wEk6mOmCHyJx9oIHkkiSmoVp8mKuALfbDOHNMTGc3tE31BF
BynCDs7C61LPa5DGpNNJv3HnABHMQ6ypxHQGFKSrrA5BydrbNdMtEJtCm3F+W1Xb
bRgX5gh6KWf1Zyqtd/nynDQcYB5/upKz9+knDiBX+029ewEax6DzekzRBMIpDohG
sOY/4yMdtiBQqsNRpeYkHwwfsfl7nyrvFaJzMx9RUCVEr4c7JiNW7U2iDo0zWVVE
Y0tQVGpj2sIyNdJLTvAdY/7GumYwTfzayFnyoWDRInfIPPwQrbBI2Jj8RpH4qBW9
DJKcfYjZJcWe28pQ2/uCoNPPNAi56TRQ/S2MO77KtDYlMB2fFd+bGdS2uuELG05t
rbKuBanNn/c6AiBvGLHjODJmu0e/AHGTrv7bkG7IyVM2gr7qFPFgj4hrxy+j3caM
1fgvIdvJaTjkOTYlwQ/tKyEujNsI9S6hqa61BYn2yGYdRPp6P2MHtumoxvHVaTMa
/1vwhiazBHGtxiLWWsoNu0oR1sa6cNxRgZmmxdCca31E+TetHfGHsnR0uKL8WY65
jaF+Zm0hhgMY14Xx
=+hLq
—–END PGP SIGNATURE—–

_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com