Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2017-3792

EPSS 1.86% · P83
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2017-3792

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability in a proprietary device driver in the kernel of Cisco TelePresence Multipoint Control Unit (MCU) Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. The vulnerability is due to improper size validation when reassembling fragmented IPv4 or IPv6 packets. An attacker could exploit this vulnerability by sending crafted IPv4 or IPv6 fragments to a port receiving content in Passthrough content mode. An exploit could allow the attacker to overflow a buffer. If successful, the attacker could execute arbitrary code or cause a DoS condition on the affected system. Cisco TelePresence MCU platforms TelePresence MCU 5300 Series, TelePresence MCU MSE 8510 and TelePresence MCU 4500 are affected when running software version 4.3(1.68) or later configured for Passthrough content mode. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available, but mitigations are available. Cisco Bug IDs: CSCuu67675.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
输入验证不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
多款Cisco产品Cisco TelePresence Software 输入验证漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Cisco TelePresence Server是美国思科(Cisco)公司的一套被称为“网真”系统的视频会议解决方案。Mobility Services Engine(MSE)是一套可提供Wi-Fi服务的平台(移动服务引擎)。该平台可收集、储存并管理来自无线客户端、思科接入点和控制器的数据。8710 Processors是其中的一个进程。Cisco TelePresence Software是其中的一套运行于Cisco TelePresence Server中的视频会议软件。该方案提供音频、视频空间等
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-Cisco TelePresence Multipoint Control Unit (MCU) software version 4.3(1.68) or later configured for Passthrough content mode Cisco TelePresence Multipoint Control Unit (MCU) software version 4.3(1.68) or later configured for Passthrough content mode -

II. Public POCs for CVE-2017-3792

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2017-3792

登录查看更多情报信息。

Same Patch Batch · n/a · 2017-02-01 · 13 CVEs total

CVE-2017-5630PEAR Base System 安全漏洞
CVE-2016-2938IBM iNotes和Domino 跨站脚本漏洞
CVE-2016-5884IBM iNotes和Domino 跨站脚本漏洞
CVE-2016-10079SAP GUI SAPlpd 安全漏洞
CVE-2016-9225Cisco Adaptive Security Appliance CX Context-Aware Security模块安全漏洞
CVE-2017-3790Cisco Expressway Series Software和Cisco TelePresence VCS Software 安全漏洞
CVE-2017-3791Cisco Prime Home 安全漏洞
CVE-2016-10164libXpm 数字错误漏洞
CVE-2016-10173minitar 路径遍历漏洞
CVE-2016-4038Samsung手机安全漏洞
CVE-2016-9963Exim 安全漏洞
CVE-2017-3823Cisco WebEx extensions和plugins 安全漏洞

IV. Related Vulnerabilities

Same vendor: n/a
Same weakness: CWE-20

V. Comments for CVE-2017-3792

No comments yet

Leave a comment