CVE-2016-1338

Name of the Vulnerable Software and Affected Versions Cisco TelePresence Video Communication Server (VCS) versions X8.5.1 through X8.5.2

Description The issue is caused by insufficient input validation in the device's software, allowing a remote attacker to cause a denial of service (VoIP outage) via a crafted SIP message.

Recommendations For versions X8.5.1 and X8.5.2, consider restricting access to the SIP functionality until a patch is available. As a temporary workaround, disabling the handling of crafted SIP messages may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.