CVE-2019-1720

Name of the Vulnerable Software and Affected Versions Cisco Expressway Series versions prior to X12.5.1 Cisco TelePresence Video Communication Server versions prior to X12.5.1

Description The issue is caused by insufficient input validation in the XML API, allowing a remote attacker to cause a denial of service (DoS) condition. An attacker could exploit this by sending a specifically crafted XML payload, leading to 100% CPU utilization and exhausting CPU resources. This results in a DoS condition that persists until the system is manually rebooted.

Recommendations For Cisco Expressway Series versions prior to X12.5.1, update to version X12.5.1 or later to resolve the issue. For Cisco TelePresence Video Communication Server versions prior to X12.5.1, update to version X12.5.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the XML API to minimize the risk of exploitation.