VIR Vulnerability Intelligence Relay

CVE-2017-3790

high
Published 2017-02-01 ยท Modified 2026-05-13
๐Ÿ’ฌ Discuss on Community โœš Propose mitigation
CVSS v3
8.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
CVSS v4 NEW
โ€”
not yet in upstream
VIR risk
8.6

Description

A vulnerability in the received packet parser of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) software could allow an unauthenticated, remote attacker to cause a reload of the affected system, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient size validation of user-supplied data. An attacker could exploit this vulnerability by sending crafted H.224 data in Real-Time Transport Protocol (RTP) packets in an H.323 call. An exploit could allow the attacker to overflow a buffer in a cache that belongs to the received packet parser, which will result in a crash of the application, resulting in a DoS condition. All versions of Cisco Expressway Series Software and Cisco TelePresence VCS Software prior to version X8.8.2 are vulnerable. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. Cisco Bug IDs: CSCus99263.

Predictions

Exploit likelihood
91%
Patch ETA
โ€”

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ€” if you've already worked around this in production โ€” publish your fix to the community-verified tier.

โœš Propose a mitigation on Community โ†’ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Application impact
VendorProductVersionsFixed
cisco ciscoexpresswayx8.1.0
cisco ciscoexpresswayx8.1.1
cisco ciscoexpresswayx8.1.2
cisco ciscoexpresswayx8.1_base
cisco ciscoexpresswayx8.2.1
cisco ciscoexpresswayx8.2.2
cisco ciscoexpresswayx8.2_base
cisco ciscoexpresswayx8.5
cisco ciscoexpresswayx8.5.0
cisco ciscoexpresswayx8.5.1
cisco ciscoexpresswayx8.5.2
cisco ciscoexpresswayx8.5.3
cisco ciscoexpresswayx8.5_base
cisco ciscoexpresswayx8.6.0
cisco ciscoexpresswayx8.6.1
cisco ciscoexpresswayx8.7.0
cisco ciscoexpresswayx8.7.1
cisco ciscoexpresswayx8.7.2
cisco ciscoexpresswayx8.7.3
cisco ciscoexpresswayx8.8.0
cisco ciscoexpresswayx8.8.1
cisco ciscotelepresence_video_communication_serverx5.2_base
cisco ciscotelepresence_video_communication_serverx6.0_base
cisco ciscotelepresence_video_communication_serverx6.1_base
cisco ciscotelepresence_video_communication_serverx7.0.0
cisco ciscotelepresence_video_communication_serverx7.0.1
cisco ciscotelepresence_video_communication_serverx7.0.2
cisco ciscotelepresence_video_communication_serverx7.0.3
cisco ciscotelepresence_video_communication_serverx7.1_base
cisco ciscotelepresence_video_communication_serverx7.2.0
cisco ciscotelepresence_video_communication_serverx7.2.1
cisco ciscotelepresence_video_communication_serverx7.2.2

References

CWEs

CWE-399 CWE-20 CWE-119

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.