Vulnerability CVE-2018-0290


Published: 2018-05-16   Modified: 2018-05-17

Description:
A vulnerability in the TCP stack of Cisco SocialMiner could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition in the notification system. The vulnerability is due to faulty handling of new TCP connections to the affected application. An attacker could exploit this vulnerability by sending a malicious TCP packet to the vulnerable service. An exploit could allow the attacker to create a DoS condition by interrupting certain phone services. A manual restart of the service may be required to restore full functionalities. Cisco Bug IDs: CSCvh48368.

Type:

CWE-noinfo

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial
Affected software
Cisco -> Socialminer 

 References:
http://www.securityfocus.com/bid/104201
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-socmin-dos

Copyright 2024, cxsecurity.com

 

Back to Top