====================================================================

                             CERT-Renater

                 Note d'Information No. 2018/VULN068
_____________________________________________________________________

DATE                : 22/02/2018

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Cisco Unified Customer Voice
                                           Portal.

=====================================================================
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-cvp
_____________________________________________________________________


Cisco Security Advisory: Cisco Unified Customer Voice Portal
Interactive Voice Response Connection Denial of Service Vulnerability

Advisory ID: cisco-sa-20180221-cvp

Revision: 1.0

For Public Release: 2018 February 21 16:00 GMT

Last Updated: 2018 February 21 16:00 GMT

CVE ID(s): CVE-2018-0139

CVSS Score v(3): 8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

+---------------------------------------------------------------------

Summary
=======
A vulnerability in the Interactive Voice Response (IVR) management
connection interface for Cisco Unified Customer Voice Portal (CVP)
could allow an unauthenticated, remote attacker to cause the IVR
connection to disconnect, creating a system-wide denial of service
(DoS) condition.

The vulnerability is due to improper handling of a TCP connection
request when the IVR connection is already established. An attacker
could exploit this vulnerability by initiating a crafted connection to
the IP address of the targeted CVP device. An exploit could allow the
attacker to disconnect the IVR to CVP connection, creating a DoS
condition that prevents the CVP from accepting new, incoming calls
while the IVR automatically attempts to re-establish the connection to
the CVP.

Cisco has released software updates that address this vulnerability.
There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-cvp
["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-cvp"]


==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================