製品・ソフトウェアに関する情報

JVN脆弱性詳細

Cisco Expressway シリーズおよび TelePresence Video Communication Server のソフトウェアにおけるリソース管理に関する脆弱性

Title	Cisco Expressway シリーズおよび TelePresence Video Communication Server のソフトウェアにおけるリソース管理に関する脆弱性
Summary	Cisco Expressway シリーズおよび TelePresence Video Communication Server (VCS) のソフトウェアには、リソース管理に関する脆弱性が存在します。ベンダは、本脆弱性を Bug ID CSCve77571 として公開しています。
Possible impacts	サービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	Oct. 18, 2017, midnight
Registration Date	Nov. 13, 2017, 11:42 a.m.
Last Update	Nov. 13, 2017, 11:42 a.m.

Affected System

シスコシステムズ

Cisco Expressway

Cisco TelePresence Conductor

Cisco TelePresence Video Communication Server ソフトウェア

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2017-12287	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12287
National Vulnerability Database (NVD)
2	CVE-2017-12287	https://nvd.nist.gov/vuln/detail/CVE-2017-12287

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-399	https://jvndb.jvn.jp/ja/cwe/CWE-399.html

ベンダー情報

No	Name	URL
Cisco Security Advisory
1	cisco-sa-20171018-expressway-tp-vcs	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-expressway-tp-vcs

Change Log

No	Changed Details	Date of change
0	[2017年11月13日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2017-12287

Summary	A vulnerability in the cluster database (CDB) management component of Cisco Expressway Series Software and Cisco TelePresence Video Communication Server (VCS) Software could allow an authenticated, remote attacker to cause the CDB process on an affected system to restart unexpectedly, resulting in a temporary denial of service (DoS) condition. The vulnerability is due to incomplete input validation of URL requests by the REST API of the affected software. An attacker could exploit this vulnerability by sending a crafted URL to the REST API of the affected software on an affected system. A successful exploit could allow the attacker to cause the CDB process on the affected system to restart unexpectedly, resulting in a temporary DoS condition. Cisco Bug IDs: CSCve77571.
Publication Date	Oct. 19, 2017, 5:29 p.m.
Registration Date	Jan. 26, 2021, 1:13 p.m.
Last Update	Nov. 21, 2024, 12:09 p.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:cisco:expressway::::::::
cpe:2.3:a:cisco:telepresence_video_communication_server::::::::
cpe:2.3:a:cisco:telepresence_conductor::::::::

Related information, measures and tools

No	URL	タグ
1	http://www.securityfocus.com/bid/101525	Third Party Advisory VDB Entry
2	http://www.securityfocus.com/bid/101525	Third Party Advisory VDB Entry
3	http://www.securitytracker.com/id/1039626	Third Party Advisory VDB Entry
4	http://www.securitytracker.com/id/1039626	Third Party Advisory VDB Entry
5	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-expressway-tp-vcs	Vendor Advisory
6	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-expressway-tp-vcs	Vendor Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-20	不適切な入力確認	https://cwe.mitre.org/data/definitions/20.html