CVE-2018-0358
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in the file descriptor handling of Cisco TelePresence Video Communication Server (VCS) Expressway could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to exhaustion of file descriptors while processing a high volume of traffic. An attacker could exploit this vulnerability by establishing a high number of concurrent TCP connections to the vulnerable system. An exploit could allow the attacker to cause a restart in a specific process, resulting in a temporary interruption of service. Cisco Bug IDs: CSCvh77056, CSCvh77058, CSCvh95264.
Una vulnerabilidad en el manejo del descriptor de archivos en Cisco TelePresence Video Communication Server (VCS) Expressway podría permitir que un atacante remoto sin autenticar provoque una denegación de servicio (DoS). La vulnerabilidad se debe al agotamiento de los descriptores de archivo mientras se procesa un gran volumen de tráfico. Un atacante podría explotar esta vulnerabilidad estableciendo una gran cantidad de conexiones TCP concurrentes al sistema vulnerable. Su explotación podría permitir que el atacante provoque un reinicio en un proceso determinado, lo que resulta en una interrupción temporal del servicio. Cisco Bug IDs: CSCvh77056, CSCvh77058, CSCvh95264.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-11-27 CVE Reserved
- 2018-06-21 CVE Published
- 2023-12-22 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-769: DEPRECATED: Uncontrolled File Descriptor Consumption
- CWE-770: Allocation of Resources Without Limits or Throttling
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/104521 | Third Party Advisory | |
http://www.securitytracker.com/id/1041172 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-vcse-dos | 2020-08-31 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Cisco Search vendor "Cisco" | Telepresence Video Communication Server Search vendor "Cisco" for product "Telepresence Video Communication Server" | - | expressway |
Affected
|