CVE-2017-14114

{"id": "CVE-2017-14114", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 3.9}]}, "published": "2017-09-02T16:29:00.363", "references": [{"url": "https://rtpbleed.com", "tags": ["Press/Media Coverage", "Technical Description", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "RTPproxy through 2.2.alpha.20160822 has a NAT feature that results in not properly determining the IP address and port number of the legitimate recipient of RTP traffic, which allows remote attackers to obtain sensitive information or cause a denial of service (communication outage) via crafted RTP packets."}, {"lang": "es", "value": "RTPproxy hasta la versi\u00f3n 2.2.alpha.20160822 tiene una caracter\u00edstica NAT que resulta en que no se determina correctamente la direcci\u00f3n IP y el n\u00famero de puerto del destinatario leg\u00edtimo de tr\u00e1fico RTP, lo que permite que atacantes remotos obtengan informaci\u00f3n sensible o provoquen una denegaci\u00f3n de servicio (interrupci\u00f3n de la comunicaci\u00f3n) mediante paquetes RTP manipulados."}], "lastModified": "2017-09-19T17:33:45.293", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rtpproxy:rtpproxy:*:alpha.20160822:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4529ABC9-0034-496E-98E9-E21976F96893", "versionEndIncluding": "2.2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}