CVE-2018-0139 (CNNVD-201802-439)

HIGH
中文标题:
Cisco Unified Customer Voice Portal Interactive Voice Response管理连接界面安全漏洞
英文标题:
A vulnerability in the Interactive Voice Response (IVR) management connection interface for Cisco Un...
CVSS分数: 8.6
发布时间: 2018-02-22 00:00:00
漏洞类型: 其他
状态: PUBLISHED
数据质量分数: 0.30
数据版本: v3
漏洞描述
中文描述:

Cisco Unified Customer Voice Portal(CVP)是美国思科(Cisco)公司的一套用于提供语音和视频自助服务的统一通信系统。Interactive Voice Response(IVR)management connection interface是其中的一个为创建并交付IVR(交互式语音应答)应用提供了开放、可扩展、特性丰富的基础的连接组件。 Cisco Unified CVP 11.5(1)版本中的Interactive Voice Response (IVR)管理连接界面存在拒绝服务漏洞,该漏洞源于程序没有正确的处理TCP链接请求。远程攻击者可通过启动对目标CVP设备IP地址的特制连接利用该漏洞断开IVR到CVP的连接,造成拒绝服务。

英文描述:

A vulnerability in the Interactive Voice Response (IVR) management connection interface for Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to cause the IVR connection to disconnect, creating a system-wide denial of service (DoS) condition. The vulnerability is due to improper handling of a TCP connection request when the IVR connection is already established. An attacker could exploit this vulnerability by initiating a crafted connection to the IP address of the targeted CVP device. An exploit could allow the attacker to disconnect the IVR to CVP connection, creating a DoS condition that prevents the CVP from accepting new, incoming calls while the IVR automatically attempts to re-establish the connection to the CVP. This vulnerability affects Cisco Unified Customer Voice Portal (CVP) Software Release 11.5(1). Cisco Bug IDs: CSCve70560.

CWE类型:
CWE-20
标签:
(暂无数据)
受影响产品
厂商 产品 版本 版本范围 平台 CPE
cisco unified_customer_voice_portal 11.5\(1\) - - cpe:2.3:a:cisco:unified_customer_voice_portal:11.5\(1\):*:*:*:*:*:*:*
cisco unified_customer_voice_portal 11.6 - - cpe:2.3:a:cisco:unified_customer_voice_portal:11.6:*:*:*:*:*:*:*
解决方案
中文解决方案:
(暂无数据)
英文解决方案:
(暂无数据)
临时解决方案:
(暂无数据)
参考链接
无标题 x_refsource_CONFIRM
cve.org
访问
103124 vdb-entry
cve.org
访问
1040414 vdb-entry
cve.org
访问
CVSS评分详情
8.6
HIGH
CVSS向量: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
CVSS版本: 3.1
机密性
NONE
完整性
NONE
可用性
HIGH
时间信息
发布时间:
2018-02-22 00:00:00
修改时间:
2024-12-02 21:05:42
创建时间:
2025-11-11 15:34:56
更新时间:
2025-11-11 15:53:34
利用信息
暂无可利用代码信息
数据源详情
数据源 记录ID 版本 提取时间
CVE cve_CVE-2018-0139 2025-11-11 15:19:35 2025-11-11 07:34:56
NVD nvd_CVE-2018-0139 2025-11-11 14:55:52 2025-11-11 07:43:33
CNNVD cnnvd_CNNVD-201802-439 2025-11-11 15:09:58 2025-11-11 07:53:34
版本与语言
当前版本: v3
主要语言: EN
支持语言:
EN ZH
安全公告
暂无安全公告信息
变更历史
v3 CNNVD
2025-11-11 15:53:34
vulnerability_type: 未提取 → 其他; cnnvd_id: 未提取 → CNNVD-201802-439; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']
查看详细变更
  • vulnerability_type: 未提取 -> 其他
  • cnnvd_id: 未提取 -> CNNVD-201802-439
  • data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
v2 NVD
2025-11-11 15:43:33
severity: SeverityLevel.MEDIUM → SeverityLevel.HIGH; cvss_score: 未提取 → 8.6; cvss_vector: NOT_EXTRACTED → CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H; cvss_version: NOT_EXTRACTED → 3.1; affected_products_count: 0 → 2; data_sources: ['cve'] → ['cve', 'nvd']
查看详细变更
  • severity: SeverityLevel.MEDIUM -> SeverityLevel.HIGH
  • cvss_score: 未提取 -> 8.6
  • cvss_vector: NOT_EXTRACTED -> CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
  • cvss_version: NOT_EXTRACTED -> 3.1
  • affected_products_count: 0 -> 2
  • data_sources: ['cve'] -> ['cve', 'nvd']