漏洞标题
N/A
漏洞描述信息
在Cisco团结客户语音门户(CVP)的互动语音响应(IVR)管理连接界面中,一个漏洞可能导致无授权的远程攻击者导致IVR连接断开,从而创建一个系统拒绝服务(DoS)条件。该漏洞是由于在IVR连接已经建立时,对TCP连接请求的不当处理导致的。攻击者可以通过为目标CVP设备创建 crafted 连接来利用此漏洞。利用此漏洞可以使攻击者断开IVR到CVP的连接,创建一个在CVP接收新入站电话的同时,IVR自动尝试重新建立与CVP连接的DoS条件。此漏洞影响Cisco团结客户语音门户(CVP)软件版本11.5(1)。Cisco Bug ID:CSCve70560。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
A vulnerability in the Interactive Voice Response (IVR) management connection interface for Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to cause the IVR connection to disconnect, creating a system-wide denial of service (DoS) condition. The vulnerability is due to improper handling of a TCP connection request when the IVR connection is already established. An attacker could exploit this vulnerability by initiating a crafted connection to the IP address of the targeted CVP device. An exploit could allow the attacker to disconnect the IVR to CVP connection, creating a DoS condition that prevents the CVP from accepting new, incoming calls while the IVR automatically attempts to re-establish the connection to the CVP. This vulnerability affects Cisco Unified Customer Voice Portal (CVP) Software Release 11.5(1). Cisco Bug IDs: CSCve70560.
CVSS信息
N/A
漏洞类别
输入验证不恰当
漏洞标题
Cisco Unified Customer Voice Portal Interactive Voice Response管理连接界面安全漏洞
漏洞描述信息
Cisco Unified Customer Voice Portal(CVP)是美国思科(Cisco)公司的一套用于提供语音和视频自助服务的统一通信系统。Interactive Voice Response(IVR)management connection interface是其中的一个为创建并交付IVR(交互式语音应答)应用提供了开放、可扩展、特性丰富的基础的连接组件。 Cisco Unified CVP 11.5(1)版本中的Interactive Voice Response (IVR)管理连接
CVSS信息
N/A
漏洞类别
其他