What is CVE-2017-3792?

CVE-2017-3792 is a critical-severity vulnerability in Cisco Telepresence_mcu_4505, classified under Improper Input Validation. CVSS score: 9.8/10. Published 2017-02-01.

How severe is CVE-2017-3792?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Improper input validation in Cisco Telepresence_mcu_4505

CVE-2017-3792

A vulnerability in a proprietary device driver in the kernel of Cisco TelePresence Multipoint Control Unit (MCU) Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) conditio…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.019 (83.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Cisco Telepresence_mcu_4505
Cisco Telepresence_mcu_4510
Cisco Telepresence_mcu_4515
Cisco Telepresence_mcu_4520
Cisco Telepresence_mcu_5310
Cisco Telepresence_mcu_5320
Cisco Telepresence_mcu_mse_8510
Cisco Telepresence_mcu_software — versions 4.3_\(1.68\), 4.3_\(2.18\), 4.3_\(2.30\)
N/a Cisco Telepresence Multipoint Control Unit (Mcu) Software Version 4.3(1.68) Or Later Configured For Passthrough Content Mode — versions Cisco TelePresence Multipoint Control Unit (MCU) software version 4.3(1.68) or later configured for Passthrough content mode

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

psirt@cisco.com (x_refsource_CONFIRM, Vendor Advisory)
psirt@cisco.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
psirt@cisco.com (vdb-entry, x_refsource_SECTRACK)

Frequently asked questions

What is CVE-2017-3792?: CVE-2017-3792 is a critical-severity vulnerability in Cisco Telepresence_mcu_4505, classified under Improper Input Validation. CVSS score: 9.8/10. Published 2017-02-01.
How severe is CVE-2017-3792?: Critical severity. CVSS v3 base score is 9.8 out of 10.