CVE-2015-0772

Name of the Vulnerable Software and Affected Versions Cisco TelePresence Video Communication Server (VCS) version X8.5RC4

Description The issue is caused by resource management errors in the device's software. It allows a remote attacker to cause a denial of service, potentially leading to CPU consumption or device outage, by sending a specially crafted SDP parameter-negotiation request during a SIP connection.

Recommendations For Cisco TelePresence Video Communication Server (VCS) version X8.5RC4, consider restricting access to the SDP parameter-negotiation request during SIP connections until a patch is available. As a temporary workaround, disabling the vulnerable function related to SDP session handling may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.