CVE-2017-12287

Name of the Vulnerable Software and Affected Versions Cisco Expressway Series Software (affected versions not specified) Cisco TelePresence Video Communication Server (VCS) Software (affected versions not specified)

Description The issue is related to incomplete input validation of URL requests by the REST API, which could allow an authenticated, remote attacker to cause the cluster database (CDB) process to restart unexpectedly. This results in a temporary denial of service (DoS) condition. An attacker could exploit this by sending a crafted URL to the REST API. A successful exploit could cause the CDB process to restart, leading to a temporary DoS condition.

Recommendations For Cisco Expressway Series Software, update to a version that includes the fix for Cisco Bug ID: CSCve77571. For Cisco TelePresence Video Communication Server (VCS) Software, update to a version that includes the fix for Cisco Bug ID: CSCve77571. As a temporary workaround, consider restricting access to the REST API to minimize the risk of exploitation.