CVE-2017-3790 Cisco CVE debrief

Who should care

Administrators and security teams responsible for Cisco Expressway and Cisco TelePresence VCS deployments, especially systems exposed to H.323/RTP traffic.

Technical summary

The vulnerability is a network-reachable parser flaw: user-supplied packet contents are not adequately size-checked before being handled by the received packet parser. The result is a buffer overflow in parser cache handling, which can crash the application and force a reload. NVD lists the issue with CVSS 3.0 vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H, matching a high-severity availability impact with no privileges or user interaction required.

Defensive priority

High — unauthenticated remote DoS against Cisco telepresence/expressway systems, with no workaround listed.

Recommended defensive actions

• Apply Cisco’s software update that addresses the issue and move affected systems to version X8.8.2 or later.
• Prioritize internet-facing or externally reachable Expressway and VCS instances for remediation first.
• Verify whether any deployed Cisco Expressway or VCS releases fall within the affected ranges listed by NVD/Cisco.
• Monitor service health and reload events on affected systems while patching is planned.
• Review exposure to H.323/RTP traffic paths and restrict access where operationally possible.

Evidence notes

This debrief is based on the supplied CVE/NVD summary and Cisco advisory reference. The summary states the flaw affects Cisco Expressway Series and Cisco TelePresence VCS software prior to X8.8.2, is triggered by crafted H.224 data in RTP packets during an H.323 call, and can cause a reload/DoS due to insufficient size validation. NVD lists CWE-20 and CWE-119, and the vendor indicates there is no workaround.

Official resources