CVE-2017-14114
Publication date 2 September 2017
Last updated 24 July 2024
Ubuntu priority
Cvss 3 Severity Score
RTPproxy through 2.2.alpha.20160822 has a NAT feature that results in not properly determining the IP address and port number of the legitimate recipient of RTP traffic, which allows remote attackers to obtain sensitive information or cause a denial of service (communication outage) via crafted RTP packets.
Status
Package | Ubuntu Release | Status |
---|---|---|
rtpproxy | 24.10 oracular | Not in release |
24.04 LTS noble | Not in release | |
22.04 LTS jammy |
Vulnerable
|
|
20.04 LTS focal |
Vulnerable
|
|
18.04 LTS bionic |
Vulnerable
|
|
16.04 LTS xenial |
Vulnerable
|
|
14.04 LTS trusty | Not in release |
Severity score breakdown
Parameter | Value |
---|---|
Base score |
|
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | Low |
Integrity impact | None |
Availability impact | Low |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L |