Informazioni sul CVE-2019-1721
Cisco Expressway Series and Cisco TelePresence Video Communication Server Denial of Service Vulnerability
CWE ID: CWE-20
Base Score (CVSS): N/A
CVE: CVE-2019-1721
Descrizione: A vulnerability in the phone book feature of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to cause the CPU to increase to 100% utilization, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to improper handling of the XML input. An attacker could exploit this vulnerability by sending a Session Initiation Protocol (SIP) message with a crafted XML payload to an affected device. A successful exploit could allow the attacker to exhaust CPU resources, resulting in a DoS condition. Manual intervention may be required to recover the device. This vulnerability is fixed in Cisco Expressway Series and Cisco TelePresence Video Communication Server Releases X12.5.1 and later.
Vettore di attacco
Punteggio CVSS
Il CVSS è un sistema di valutazione che misura la gravità di una vulnerabilità informatica considerando fattori come l’impatto potenziale, la probabilità di attacco e la facilità di esecuzione.
Riassunto: .
Dettaglio del Vettore
| Metrica | Valore | Significato | Descrizione |
|---|
Riferimenti esterni
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-es-tvcs-dos
- http://www.securityfocus.com/bid/108016
Prodotti interessati
- Cisco – Cisco TelePresence Video Communication Server (VCS)
Relazioni con altri prodotti
Produttore:Cisco
Prodotto: Cisco TelePresence Video Communication Server (VCS)
Anno: 2019
CWE: CWE-20
CVSS: 0.0