PT-2019-1982 · Cisco · Cisco Expressway Series+1

Publicado

2019-04-17

·

Atualizado

2020-10-07

·

CVE-2019-1721

CVSS v3.1

7.7

Alta

VetorAV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Cisco Expressway Series versions prior to X12.5.1 Cisco TelePresence Video Communication Server versions prior to X12.5.1
Description A vulnerability exists due to improper handling of XML input, allowing an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. The attacker could exploit this by sending a Session Initiation Protocol (SIP) message with a crafted XML payload to an affected device, exhausting CPU resources and requiring manual intervention for recovery.
Recommendations For Cisco Expressway Series versions prior to X12.5.1, update to Release X12.5.1 or later. For Cisco TelePresence Video Communication Server versions prior to X12.5.1, update to Release X12.5.1 or later.

Correção

DoS

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

BDU:2019-01675
CVE-2019-1721

Produtos afetados

Cisco Expressway Series
Cisco Telepresence Video Communication Server