PT-2018-1536 · Cisco · Cisco Unified Communications Manager Im/Presence Service+1
Published: 2018-08-15 · Updated: 2020-08-31 · CVE-2018-0409
CVSS v2.0: 7.8 (High)
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Cisco Unified Communications Manager IM and Presence Service (affected versions not specified)
Cisco TelePresence Video Communication Server (affected versions not specified)
Description
The issue is caused by insufficient input validation in the XCP Router service, allowing a remote attacker to cause a denial of service condition by sending specially crafted IPv4 or IPv6 packets to TCP port 7400. This could result in a temporary service outage for all IM&P users. An exploit could allow the attacker to overread a buffer, resulting in a crash and restart of the XCP Router service.
Recommendations
For Cisco Unified Communications Manager IM and Presence Service, update to a version that fixes the issue.
For Cisco TelePresence Video Communication Server, update to a version that fixes the issue.
As a temporary workaround, consider restricting access to TCP port 7400 to minimize the risk of exploitation.
Fix
DoS
RCE
Out of bounds Read
Buffer Over-read
Related identifiers
Affected products
Cisco Telepresence Video Communication Server
Cisco Unified Communications Manager Im/Presence Service