CyberSec.Space Logo
Back to CVE Browser

CVE-2017-3792

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1320%
EPSS Percentile16.57th
PublishedFeb 1, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

A vulnerability in a proprietary device driver in the kernel of Cisco TelePresence Multipoint Control Unit (MCU) Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. The vulnerability is due to improper size validation when reassembling fragmented IPv4 or IPv6 packets. An attacker could exploit this vulnerability by sending crafted IPv4 or IPv6 fragments to a port receiving content in Passthrough content mode. An exploit could allow the attacker to overflow a buffer. If successful, the attacker could execute arbitrary code or cause a DoS condition on the affected system. Cisco TelePresence MCU platforms TelePresence MCU 5300 Series, TelePresence MCU MSE 8510 and TelePresence MCU 4500 are affected when running software version 4.3(1.68) or later configured for Passthrough content mode. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available, but mitigations are available. Cisco Bug IDs: CSCuu67675.

Affected Platforms (CPE)

πŸ“¦
Cisco

Telepresence Mcu Software

= 4.3_\(1.68\)
πŸ“¦
Cisco

Telepresence Mcu Software

= 4.3_\(2.18\)
πŸ“¦
Cisco

Telepresence Mcu Software

= 4.3_\(2.30\)
πŸ“¦
Cisco

Telepresence Mcu Software

= 4.3_\(2.32\)
πŸ“¦
Cisco

Telepresence Mcu Software

= 4.4_\(3.42\)
πŸ“¦
Cisco

Telepresence Mcu Software

= 4.4_\(3.49\)
πŸ“¦
Cisco

Telepresence Mcu Software

= 4.4_\(3.54\)
πŸ“¦
Cisco

Telepresence Mcu Software

= 4.4_\(3.57\)
πŸ“¦
Cisco

Telepresence Mcu Software

= 4.4_\(3.67\)
πŸ“¦
Cisco

Telepresence Mcu Software

= 4.5_\(1.45\)
πŸ“¦
Cisco

Telepresence Mcu Software

= 4.5_\(1.55\)
πŸ“¦
Cisco

Telepresence Mcu Software

= 4.5_\(1.71\)
πŸ“¦
Cisco

Telepresence Mcu Software

= 4.5_\(1.72\)
πŸ“¦
Cisco

Telepresence Mcu Software

= 4.5_\(1.85\)

References & Advisories

πŸ”— http://www.securityfocus.com/bid/95787
πŸ”— http://www.securitytracker.com/id/1037698
πŸ”— https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170125-telepresence
πŸ”— http://www.securityfocus.com/bid/95787
πŸ”— http://www.securitytracker.com/id/1037698
πŸ”— https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170125-telepresence

Related Vulnerabilities

CVE-2015-07139.0

The web framework in Cisco TelePresence Advanced Media Gateway Series Software before 1.1(1.40), Cisco TelePresence IP Gateway Ser...

CVE-2014-33977.8

The network stack in Cisco TelePresence MCU Software before 4.3(2.30) allows remote attackers to cause a denial of service (memory...

CVE-2015-06217.8

Cisco TelePresence MCU devices with software 4.5(1.45) allow remote attackers to cause a denial of service (device reload) via an ...

CVE-2015-42576.8

Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence MCU 4500 devices with software 4.5(1.55) allows remote attac...